Outdated Linux Versions, Misconfigurations Triggering Cloud Attacks: Report

The “Linux Threat Report 2021 1H” from Trend Micro found that Linux cloud operating systems are heavily targeted for cyberattacks, with nearly 13 million detections in the first half of this year. As organizations expand their footprint in the cloud, they are correspondingly exposed to the pervasive threats that exist in the Linux landscape.

This latest threat report, released Aug. 23, provides an in-depth look at the Linux threat landscape. It discusses several pressing security issues that affect Linux running in the cloud.

The researchers’ key finding is that Linux is powerful, universal, and dependable, but not devoid of flaws: like any other operating system, Linux remains susceptible to attack.

Linux in the cloud powers most infrastructures, and Linux users make up the majority of the Trend Micro Cloud One enterprise customer base at 61 percent, compared to 39 percent Windows users.

The data comes from the Trend Micro Smart Protection Network (SPN), the data reservoir for detections across all of Trend Micro’s products. The results show enterprise Linux at considerable risk from system configuration mistakes and outdated Linux distributions.

For instance, data from the internet scan engine Censys.io revealed nearly 14 million results for exposed devices running some sort of Linux operating system as of July 6, 2021. A search in Shodan for port 22, the port commonly used for Secure Shell (SSH) on Linux-based machines, showed almost 19 million exposed devices as of July 27, 2021.

As with any operating system, security depends entirely on how you use, configure, and manage it. Each new Linux update tries to improve security; however, to get the value you must enable and configure it correctly, cautioned Joseph Carson, chief security scientist and advisory CISO at Thycotic.

“The state of Linux security today is rather good and has evolved in a positive way, with much more visibility and security features built-in. Nevertheless, like many operating systems, you must install, configure, and manage it with security in mind — as how cybercriminals take advantage is the human touch,” he told LinuxInsider.

Top Linux Threats

The Trend Micro report disclosed the malware families rampant on Linux systems. Unlike previous reports organized by malware type, this study focused on the prevalence of Linux as an operating system and the pervasiveness of the various threats and vulnerabilities that stalk the OS.

That approach showed that the top three sources of threat detections were the U.S. (almost 40 percent), Thailand (19 percent), and Singapore (14 percent).

Detections arose from systems running end-of-life versions of Linux distributions. The four expired distributions were from CentOS versions 7.4 to 7.9 (almost 44 percent), CloudLinux Server (more than 40 percent), and Ubuntu (about 7 percent).

Trend Micro tracked more than 13 million malware events flagged by its sensors. Researchers then compiled a list of the prominent threat types, consolidated from the top 10 malware families affecting Linux servers from Jan. 1 to June 30, 2021.

The top threat types found in Linux systems in the first half of 2021 are:

  • Coinminers (24.56 percent)
  • Web shell (19.92 percent)
  • Ransomware (11.56 percent)
  • Trojans (9.56 percent)
  • Others (3.15 percent)

The top four Linux distributions on which those threat types were found in the first half of 2021 are:

  • CentOS Linux (50.80 percent)
  • CloudLinux Server (31.24 percent)
  • Ubuntu Server (9.56 percent)
  • Red Hat Enterprise Linux Server (2.73 percent)

Top malware families include:

  • Coinminers (25 percent)
  • Web shells (20 percent)
  • Ransomware (12 percent)

CentOS Linux and CloudLinux Server are the distributions on which those threat types were most often found, and web application attacks are the most common attack vector.

Web Apps Top Targets

Most of the applications and workloads exposed to the internet run web applications. Web application attacks are among the most common attack vectors in Trend Micro’s telemetry, said researchers.

If launched successfully, web app attacks allow hackers to execute arbitrary scripts and compromise secrets; they can also modify, extract, or destroy data. The research shows that 76 percent of the attacks are web-based.

The LAMP stack (Linux, Apache, MySQL, PHP) made it inexpensive and easy to create web applications. In a very real way, it democratized the internet so anyone can set up a web application, according to John Bambenek, threat intelligence advisor at Netenrich.

“The problem with that is that anyone can set up a web app. While we are still waiting for the year of Linux on the desktop, it is important for organizations to use best practices for their web presences. Typically, this means staying on top of CMS patches/updates and routine scanning with even open-source tools (like the Zed Attack Proxy) to find and remediate SQL injection vulnerabilities,” he told LinuxInsider.

The report referenced the Open Web Application Security Project (OWASP) Top 10 security risks, in which injection flaws and cross-site scripting (XSS) attacks remain as prominent as ever. What struck Trend Micro researchers as significant is the high number of insecure deserialization vulnerabilities.

This is partly due to the ubiquity of Java and the deserialization vulnerabilities in it, according to Trend Micro. Its report also noted Liferay Portal, Ruby on Rails, and Red Hat JBoss deserialization vulnerabilities as prominent.

Attackers also exploit broken authentication to gain unauthorized access to systems. The number of command injection hits was also a surprise, being higher than Trend Micro’s analysts expected.

Expected Trend

It is no surprise that the majority of these attacks are web-based. Every website is different, written by different developers with different skill sets, observed Shawn Smith, director of infrastructure at nVisium.

“There is a wide range of different frameworks across a multitude of languages with various components that all have their own advantages and drawbacks. Combine this with the fact that not all developers are security gurus, and you’ve got an incredibly alluring target,” he told LinuxInsider.

Web servers are one of the most common services to expose to the internet because most of the world interacts with the internet through websites. There are other areas exposed — like FTP or IRC servers — but the vast majority of the world is using websites as their main contact point to the internet.

“As a result, this is where attackers will focus to get the biggest return on investment for their time spent,” Smith said.

OSS Linked to Supply Chain Attacks

Software supply chains must also be secured to deal with the Linux attack landscape, noted the Trend Micro report. Attackers can insert malicious code that compromises software components from third-party suppliers. That code then connects to a command-and-control server to download and deploy backdoors and other malicious payloads within the system.

This can lead to remote code execution on an enterprise’s systems and computing resources. Supply chain attacks can also stem from misconfigurations, which are the second most common incident type in cloud-native environments, according to the Trend Micro report. More than 56 percent of their survey respondents had a misconfiguration or known unpatched vulnerability incident involving their cloud-native applications.

Hackers are having an easy time. “The major attack types on web-based applications have remained constant over the recent past. That, combined with the rising time-to-fix and declining remediation rates, makes the hackers’ job easier,” said Setu Kulkarni, vice president of strategy at NTT Application Security.

Organizations need to test applications in production to identify their top three to five vulnerability types, then launch a targeted campaign to address them, rinse, and repeat, he recommended.

The “Linux Threat Report 2021 1H” is available here.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics.
