Linux Malware Attacks Are A Thing… And Businesses Aren’t Prepared

Linux in the enterprise is becoming more prevalent, which means that threat actors are going to target Linux boxes more often. The thing is that while threat actors have upped their game in terms of going after Linux boxes, business users haven’t upped their game in terms of defending themselves:

Cyber criminals are increasingly targeting Linux servers and cloud infrastructure to launch ransomware campaigns, cryptojacking attacks and other illicit activity – and many organisations are leaving themselves open to attacks because Linux infrastructure is misconfigured or poorly managed. 

Analysis from cybersecurity researchers at VMware warns that malware targeting Linux-based systems is increasing in volume and complexity, while there’s also a lack of focus on managing and detecting threats against them. This comes after an increase in the use of enterprises relying on cloud-based services because of the rise of hybrid working, with Linux the most common operating system in these environments. 

That rise has opened new avenues that cyber criminals can exploit to compromise enterprise networks, as detailed by the research paper, including ransomware and cryptojacking attacks tailored to target Linux servers in environments that might not be as strictly monitored as those running Windows. 

These attacks are designed for maximum impact, as the cyber criminals look to compromise as much of the network as possible before triggering the encryption process and ultimately demanding a ransom for the decryption key.

It’s pretty clear that the attack surface is increasing, which means that companies have to make immediate moves to defend themselves. The big question is, will businesses make the same level of investments that they have on the Windows side of the fence when it comes to Linux, or any other platform for that matter? I question that, as I have been called into situations where a company has already been pwned and I’m expected to help them plug the holes that allowed the threat actors to get in and do their evil work. But maybe this time will be different. Though I am not holding my breath on that.
