Linux Operating System Attacks are Nothing New—But is the Problem Getting Worse?

Because of the Windows operating system’s global dominance in terms of market share, cyber threats tend to focus heavily on its vulnerabilities. However, we know the Linux open source operating system is emerging as a universal force and attackers are taking notice.

Attack vectors for the Linux operating system have long been relegated to small-time fraudsters. Now, as Linux gains traction as a critical component of the increasingly connected world, Kaspersky research has found that attackers have mastered the non-Windows Linux platform (especially as Android market dominance puts its kernel in the spotlight).

Companies may not have worried about Linux cyber threats in the past, but the problem is getting worse.

FairWare Ransomware Hits Linux Web Servers

There are many different ways that attackers can go after Linux machines—breaches via web servers or SQL servers, command injection, SSH compromise, and more. However, ransomware is an emerging threat to the open source operating system now that attacks are evolving.

The first instance of Linux ransomware, Linux.encoder.1, surfaced in 2015, but now the FairWare ransomware is targeting the Linux operating system. Attackers are compromising web folders, deleting files so that websites fail, and trying to scare people into paying a ransom of over $1,000, but the real issue is how they are compromising these web servers in the first place.

Linux users implement Redis in order to store and retrieve data efficiently. Even though Redis developers recommend against using Redis in Internet-facing situations, many users deploy the technology in an IoT environment, opening it up to the risks of internet connectivity. Attackers can target these vulnerable, internet-facing Redis servers and view or modify any stored data for a Linux website.

In the case of FairWare ransomware, attackers used the Redis vulnerability as a foothold to move laterally into Linux web folders, giving them access to edit or delete web files, which caused websites to go down. The problem is that attackers are able to automate the process, scanning the internet to detect vulnerable Redis servers and launch their ransomware attacks.
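A defender's check for the internet-facing Redis exposure described above, as an added example that is not part of the original post: it audits the text of a `redis.conf` for the three settings that decide whether an unauthenticated listener is reachable from outside the host. The function names and both sample configs are constructed for illustration; `bind`, `protected-mode` and `requirepass` are real Redis directives, and Redis 6 ACL users are not considered.

```python
import ipaddress

# Constructed sample configs (not taken from any real host).
WEAK_CONF = """
# no bind directive: Redis listens on all interfaces
port 6379
protected-mode no
"""
HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
requirepass "example-placeholder-secret"
"""

def parse_directives(conf_text):
    """Map each directive to its argument list; a later line overrides an earlier one (assumed here)."""
    directives = {}
    for raw in conf_text.splitlines():
        parts = raw.strip().split()
        if parts and not parts[0].startswith("#"):
            directives[parts[0].lower()] = parts[1:]
    return directives

def is_loopback(addr):
    # Redis 6.2+ accepts a "-" prefix meaning "skip this address if unavailable".
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False  # "*" or a hostname: assume it is reachable from outside

def audit(conf_text):
    """Return a list of (directive, message) findings about network exposure."""
    d = parse_directives(conf_text)
    findings = []
    bind = d.get("bind") or ["*"]  # an absent bind means every interface
    exposed = [a for a in bind if not is_loopback(a)]
    if exposed:
        findings.append(("bind", "listens on non-loopback: " + " ".join(exposed)))
    if (d.get("protected-mode") or ["yes"])[0].lower() != "yes":
        findings.append(("protected-mode", "protected mode is disabled"))
    password = (d.get("requirepass") or [""])[0].strip("\"'")
    if not password:
        findings.append(("requirepass", "no password for the default user"))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no exposure findings")
```

A non-loopback `bind` is not wrong by itself on a private network segment; the combination with a missing password or disabled protected mode is what leaves the data store open to anyone who can reach the port.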

This kind of mass-targeting is characteristic of the small-time fraud incidents that Linux is generally hit by, but Linux security problems may grow worse as attacks become increasingly targeted and enterprise-focused.

Linux in Business Means Security Problems Could Get Worse

A free, open source operating system gives companies the kind of foundation necessary to adapt to an IoT-enabled business world. However, the main challenge with increasing connectivity and open source platforms is security.

There’s a reason why business-critical applications in large enterprises haven’t totally gravitated toward open source platforms and the public cloud—they just haven’t been reliable enough in the past. Now, the benefits of going open source seem to be outweighing security concerns as companies try to keep up with the demands of IoT-enabled business. But that doesn’t mean security is no longer a concern.

Open source security concerns aren’t as prevalent as they once were, but as Linux continues to take over the business world, you have to be able to protect your valuable assets.

Stay tuned for the third (and final) part of this Linux blog series in which we’ll give a more comprehensive overview of Linux security threats and explain how you can improve your security stack to address any concerns.