Ransomware attacks targeting Linux are on the rise as cybercriminals seek to expand their options and target an operating system often neglected by enterprises when it comes to security.
According to an analysis carried out by cybersecurity researchers at Trend Micro, Linux servers are indeed increasingly the target of this type of attack which aims to encrypt data to extort a ransom.
For Trend Micro, detections of cyberattacks targeting servers running this open-source operating system have increased by 75% over the past year, information that suggests that cybercriminals are looking to extend their attacks beyond the Windows operating systems.
attractive target
Linux powers significant corporate IT infrastructure, including servers, making it an attractive target for ransomware gangs. The perceived lack of a threat to Linux systems compared to Windows makes this target even more attractive to these cybercriminals. Cybersecurity teams might indeed choose to focus on defending Windows networks against cybercrime, leaving the protection of their Linux servers in the background.
However, Trend Micro researchers note that ransomware gangs are increasingly tailoring their attacks to focus specifically on Linux systems. For example, Lockbit, one of the most prolific and effective ransomware of recent times, now offers a Linux-based variant designed to specifically target these systems.
Cybercriminals are indeed motivated by the prospect of obtaining new ransoms. So they don’t hesitate to seize new opportunities, like these attacks targeting Linux environments, if they think they can help them make more money.
Cryptominers
“They continue to evolve their business model, focusing their attacks even more precisely. That’s why it’s critical for organizations to better map, understand and protect their digital attack surface,” said Jon Clay, vice president of threat intelligence at Trend Micro.
Ransomware gangs aren’t the only ones with a growing interest in Linux. Malicious Linux-based cryptominers, which allow cybercriminals to stealthily harness the power of infected computers and servers to mine cryptocurrency, are up 145%, according to Trend Micro.
Dirty Blowjob
Cybercriminals manage to hijack Linux systems for their own benefit by exploiting unpatched vulnerabilities. According to the report, these flaws include CVE-2022-0847, also known as Dirty Pipe. This vulnerability, “relatively easy to exploit” according to the researchers, affects the Linux kernel from versions 5.8 and later. It allows attackers to take control of affected systems.
To protect yourself, it is recommended that you apply all security patches as soon as possible to prevent cybercriminals from taking advantage of known vulnerabilities for which patches are available. It is also recommended to use multi-factor authentication throughout its ecosystem, a way to implement an additional layer of defense against attacks.
Source: ZDNet.com