Outdated Linux Versions, Misconfigurations Triggering Cloud Attacks: Report

The “Linux Threat Report 2021 1H” from Trend Micro found that Linux cloud operating systems are heavily targeted for cyberattacks, with nearly 13 million detections in the first half of this year. As organizations expand their footprint in the cloud, they are correspondingly exposed to the pervasive threats that exist in the Linux landscape.

This latest threat report, released Aug. 23, provides an in-depth look at the Linux threat landscape. It discusses several pressing security issues that affect Linux running in the cloud.

Among the key findings: Linux is powerful, universal, and dependable, but not devoid of flaws, according to the researchers. Like other operating systems, it remains susceptible to attacks.

Linux in the cloud powers most infrastructures, and Linux users make up the majority of the Trend Micro Cloud One enterprise customer base at 61 percent, compared to 39 percent Windows users.

The data comes from the Trend Micro Smart Protection Network (SPN), the data reservoir for all detections across all of Trend Micro’s products. The results show enterprise Linux at considerable risk from system configuration mistakes and outdated Linux distributions.

For instance, data from the internet scan engine Censys.io returned nearly 14 million results for exposed devices running any sort of Linux operating system on July 6, 2021. A search in Shodan for port 22, the port commonly used for the Secure Shell Protocol (SSH) on Linux-based machines, showed almost 19 million exposed devices as of July 27, 2021.

As with any operating system, Linux security depends entirely on how you use, configure, and manage it. Each new Linux update tries to improve security, but to get the value you must enable and configure it correctly, cautioned Joseph Carson, chief security scientist and advisory CISO at Thycotic.

“The state of Linux security today is rather good and has evolved in a positive way, with much more visibility and security features built-in. Nevertheless, like many operating systems, you must install, configure, and manage it with security in mind — as how cybercriminals take advantage is the human touch,” he told LinuxInsider.

Top Linux Threats

The Trend Micro Report disclosed rampant malware families within Linux systems. Unlike previous reports based on malware types, this study focused on the prevalence of Linux as an operating system and the pervasiveness of the various threats and vulnerabilities that stalk the OS.

That approach showed that the top three sources of threat detections were the U.S. (almost 40 percent), Thailand (19 percent), and Singapore (14 percent).

Detections arose from systems running end-of-life versions of Linux distributions. The four expired distributions were from CentOS versions 7.4 to 7.9 (almost 44 percent), CloudLinux Server (more than 40 percent), and Ubuntu (about 7 percent).
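Two of the conditions described above, hosts still running end-of-life releases and SSH services exposed with risky settings, are things an operator can check for directly rather than wait for telemetry to report. The Python audit below is an added example, not code from Trend Micro or from this article: it parses an os-release file against an operator-maintained end-of-life table and flags the two sshd_config directives most often left in their risky state (root login permitted, password authentication not disabled). The end-of-life table entries, the sample os-release text and the sample sshd_config are constructed for the example; a real deployment would read /etc/os-release and /etc/ssh/sshd_config and fill the table from the distribution vendors' published dates.

```python
import re

# Constructed sample of /etc/os-release for a host on an expired release.
SAMPLE_OS_RELEASE = """\
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
VERSION_ID="7"
"""

# Constructed sample sshd_config. The commented-out line and the directive
# inside the Match block are there to show what the parser must ignore.
SAMPLE_SSHD_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin yes
#PasswordAuthentication no
X11Forwarding no
Match User backup
    PasswordAuthentication yes
"""

# Operator-maintained table of (ID, VERSION_ID) pairs treated as end-of-life.
# These entries are assumptions for the example; populate from vendor dates.
EOL_RELEASES = {("centos", "6"), ("centos", "7"), ("ubuntu", "16.04")}


def parse_os_release(text):
    """Return the KEY=value pairs of an os-release file with quotes stripped."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip().strip("\"'")
    return fields


def is_end_of_life(os_release_text, eol_table=EOL_RELEASES):
    """True when the host's (ID, VERSION_ID) appears in the end-of-life table."""
    f = parse_os_release(os_release_text)
    return (f.get("ID", "").lower(), f.get("VERSION_ID", "")) in eol_table


def parse_sshd_config(text):
    """Return global sshd directives as {lowercased keyword: value}.

    Parsing stops at the first Match block: directives after it apply only
    to the matching users/hosts, so they must not be read as global policy.
    """
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # sshd treats these as comments
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        directives[keyword] = parts[1].strip() if len(parts) > 1 else ""
    return directives


def sshd_findings(sshd_config_text):
    """Flag the two settings that leave an exposed port 22 easiest to abuse."""
    d = parse_sshd_config(sshd_config_text)
    findings = []
    if d.get("permitrootlogin", "").lower() == "yes":
        findings.append("PermitRootLogin yes: direct root logins over SSH are allowed")
    # PasswordAuthentication defaults to yes when absent, so absence is a finding.
    if d.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication not set to no: password guessing remains possible")
    return findings


def audit_host(os_release_text, sshd_config_text):
    """Combine both checks into one list of findings for the host."""
    findings = []
    if is_end_of_life(os_release_text):
        f = parse_os_release(os_release_text)
        findings.append(f"end-of-life release: {f.get('ID')} {f.get('VERSION_ID')}")
    findings.extend(sshd_findings(sshd_config_text))
    return findings


if __name__ == "__main__":
    for finding in audit_host(SAMPLE_OS_RELEASE, SAMPLE_SSHD_CONFIG):
        print("FINDING:", finding)
```

Run against the constructed samples the audit reports three findings; on a real host, feed it the contents of /etc/os-release and /etc/ssh/sshd_config and treat any output as a ticket, since each finding is a condition the report associates with compromised systems.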

Trend Micro tracked more than 13 million malware events flagged by its sensors. Researchers then compiled a list of the prominent threat types, consolidated from the top 10 malware families affecting Linux servers from Jan. 1 to June 30, 2021.

The top threat types found in Linux systems in the first half of 2021 are:

  • Coinminers (24.56 percent)
  • Web shell (19.92 percent)
  • Ransomware (11.56 percent)
  • Trojans (9.56 percent)
  • Others (3.15 percent)

The four Linux distributions in which those threat types were most often found in H1 2021 are:

  • CentOS Linux (50.80 percent)
  • CloudLinux Server (31.24 percent)
  • Ubuntu Server (9.56 percent)
  • Red Hat Enterprise Linux Server (2.73 percent)

Top malware families include:

  • Coinminers (25 percent)
  • Web shells (20 percent)
  • Ransomware (12 percent)

CentOS Linux and CloudLinux Server are the distributions in which those threat types were most often found, and web application attacks are the most common attack vector.

Web Apps Top Targets

Most of the applications and workloads exposed to the internet run web applications. Web application attacks are among the most common attack vectors in Trend Micro’s telemetry, said researchers.

If launched successfully, web app attacks allow hackers to execute arbitrary scripts and compromise secrets. Web app attacks also can modify, extract, or destroy data. The research shows that 76 percent of the attacks are web-based.

The LAMP stack (Linux, Apache, MySQL, PHP) made it inexpensive and easy to create web applications. In a very real way, it democratized the internet so anyone can set up a web application, according to John Bambenek, threat intelligence advisor at Netenrich.

“The problem with that is that anyone can set up a web app. While we are still waiting for the year of Linux on the desktop, it is important for organizations to use best practices for their web presences. Typically, this means staying on top of CMS patches/updates and routine scanning with even open-source tools (like the Zed Attack Proxy) to find and remediate SQL injection vulnerabilities,” he told LinuxInsider.

The report referenced the Open Web Application Security Project (OWASP) top 10 security risks, in which injection flaws and cross-site scripting (XSS) attacks remain as high as ever. What strikes Trend Micro researchers as significant is the high number of insecure deserialization vulnerabilities.

This is partly due to the ubiquity of Java and the deserialization vulnerabilities in it, according to Trend Micro. Its report also noted deserialization vulnerabilities in Liferay Portal, Ruby on Rails, and Red Hat JBoss as prominent.

Attackers also try to use broken authentication vulnerabilities to gain unauthorized access to systems. The number of command injection hits was also a surprise, higher than Trend Micro’s analysts expected.
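The injection classes named in this section, SQL injection and command injection, share one root cause: text controlled by the requester is assembled into a statement that a downstream interpreter (the database engine or a shell) then parses. The Python below is an added example, not code from the report or from this article, that places the vulnerable form beside the hardened form for each: a parameterized query instead of string formatting, and a validated argument vector instead of a shell command line. The sqlite3 table, the user names and the probe inputs are constructed for the example.

```python
import re
import sqlite3


def sample_user_db():
    """Constructed in-memory table standing in for a web app's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_user_unsafe(conn, name):
    # Vulnerable: the request value is spliced into the SQL text, so quote
    # characters inside it become SQL syntax. This is the classic flaw.
    return conn.execute(
        f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def lookup_user_safe(conn, name):
    # Hardened: the value is bound as a parameter; the driver never lets it
    # change the statement's structure, whatever characters it contains.
    return conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,)).fetchall()


# Allow-list for a DNS hostname: letters, digits, dots and hyphens, with no
# leading hyphen so the value can never be read as a command-line option.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def ping_command_unsafe(host):
    # Vulnerable: a single string destined for subprocess.run(..., shell=True)
    # lets shell metacharacters in `host` start a second command. The string
    # is returned rather than executed so the contrast stays visible.
    return f"ping -c 1 {host}"


def ping_argv_safe(host):
    # Hardened: validate against the allow-list, then return an argument
    # vector for subprocess.run(argv) with no shell involved, so the value
    # reaches ping as exactly one argument.
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected host value: {host!r}")
    return ["ping", "-c", "1", host]


if __name__ == "__main__":
    db = sample_user_db()
    probe = "x' OR '1'='1"          # constructed probe value
    print("unsafe lookup:", lookup_user_unsafe(db, probe))   # every row
    print("safe lookup:  ", lookup_user_safe(db, probe))     # no rows
    print(ping_argv_safe("example.com"))
    try:
        ping_argv_safe("example.com; echo injected")
    except ValueError as exc:
        print("rejected:", exc)
```

The two hardened functions fix the flaw at the boundary where data meets an interpreter, which is why they hold regardless of what a scanner such as the one mentioned above later throws at the application: the parameterized query needs no escaping logic, and the argument vector needs no quoting, because in neither case does the value ever get parsed as syntax.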

Expected Trend

It is no surprise that the majority of these attacks are web-based. Every website is different, written by different developers with different skill sets, observed Shawn Smith, director of infrastructure at nVisium.

“There is a wide range of different frameworks across a multitude of languages with various components that all have their own advantages and drawbacks. Combine this with the fact that not all developers are security gurus, and you’ve got an incredibly alluring target,” he told LinuxInsider.

Web servers are one of the most common services to expose to the internet because most of the world interacts with the internet through websites. There are other areas exposed — like FTP or IRC servers — but the vast majority of the world is using websites as their main contact point to the internet.

“As a result, this is where attackers will focus to get the biggest return on investment for their time spent,” Smith said.

OSS Linked to Supply Chain Attacks

Software supply chains must be secured to deal with the Linux attack landscape as well, noted the Trend Micro report. Attackers can insert malicious code to compromise the software components of third-party suppliers. That code then connects to a command-and-control server to download and deploy backdoors and other malicious payloads within the system.

This can lead to remote code execution on an enterprise’s systems and computing resources. Supply chain attacks can also come from misconfigurations, which are the second most common incident type in cloud-native environments, according to the Trend Micro report. More than 56 percent of its survey respondents had a misconfiguration or known unpatched vulnerability incident involving their cloud-native applications.

Hackers are having an easy time. “The major attack types on web-based applications have remained constant over the recent past. That, combined with the rising time-to-fix and declining remediation rates, makes the hackers’ job easier,” said Setu Kulkarni, vice president of strategy at NTT Application Security.

Organizations need to test applications in production to find their top three to five vulnerability types, then launch a targeted campaign to address them, and repeat, he recommended.

The “Linux Threat Report 2021 1H” is available here.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.


Adobe’s Frame.io Buy Answers Video Collaboration Needs


Adobe on Aug. 19 announced it has entered into a definitive agreement to acquire cloud-based video collaboration platform Frame.io. The acquisition joins Adobe Creative Cloud’s video capabilities with Frame.io’s cloud-first workflow functionality to create an end-to-end video collaboration platform.

With over a million users across media and entertainment companies, agencies, and global brands, Frame.io accelerates the production process by enabling video editors and key project stakeholders to collaborate using cloud-first workflows. The combination of Adobe’s creative software and Frame.io’s review and approval functionality will deliver a collaboration platform that expedites the video editing process.

Video creation and consumption are experiencing tremendous growth. Video teams must produce an ever-increasing volume of content. Each video project requires various stakeholders, including video editors, producers, agencies, and clients.

Today’s video workflows are disjointed with multiple tools and communication channels being used to solicit stakeholder feedback. Frame.io eliminates the inefficiencies of video workflows by enabling real-time footage upload, access, and in-line stakeholder collaboration in a secure and elegant experience across surfaces, Adobe said in its announcement of the deal.

When the acquisition closes, Frame.io co-founder and CEO Emery Wells and co-founder John Traver will join Adobe. Wells will continue to lead the Frame.io team, reporting to Scott Belsky, chief product officer and executive vice president of Adobe Creative Cloud. Wells and Traver started Frame.io in 2015.

 

The transaction, valued at US$1.275 billion, subject to customary purchase price adjustments, is expected to close during the fourth quarter of Adobe’s 2021 fiscal year. Until the transaction closes, each company will continue to operate independently. The closure is subject to regulatory approval and customary closing conditions.

Strengthens Creative Cooperation

Collaboration is the next wave of creativity, noted Adobe. Digital collaboration is now the foundation of all creative endeavors.

“We’ve entered a new era of connected creativity that is deeply collaborative, and we imagine a world where everyone can participate in the creative process,” said Belsky. “With this acquisition, we’re welcoming an incredible customer-oriented team and adding Frame.io’s cloud-native workflow capabilities to make the creative process more collaborative, productive, and efficient to further unleash creativity for all.”

 

Adobe’s acquisition of Frame.io brings Adobe Creative Cloud’s collaboration services to video and builds on recent innovations for creative collaboration. These include Adobe Creative Cloud Libraries, Cloud Documents, Design Systems in Adobe XD, Adobe Stock, and Adobe Fonts. Those assets combined with Frame.io will make it easy for teams to collaborate across Adobe Premiere Pro, Adobe Photoshop, Adobe Illustrator, and other Adobe Creative Cloud applications, according to Adobe.

Video workflows must empower all stakeholders. With Frame.io workflow functionality built natively into Adobe Creative Cloud applications such as Adobe Premiere Pro, Adobe After Effects, and Adobe Photoshop, Creative Cloud customers, along with video editors, producers, and marketers, will collaborate more seamlessly on video projects.

“Frame.io and Adobe share a vision for the future of video creation and collaboration that brings together Adobe’s strength in video creation and production and Frame.io’s cloud-native platform,” said Wells. “We’re excited to join Adobe to continue to drive video innovation for the world’s leading media and entertainment companies, agencies, and brands.”

Innovation benefits the video ecosystem. For instance, Frame.io customers and partners will benefit from the company’s robust plug-ins and third-party application support, along with the innovation generated by the combined Adobe Creative Cloud and Frame.io teams.

With the addition of Frame.io, Adobe Creative Cloud’s commitment to enabling collaboration across all stakeholders of creativity extends beyond Adobe’s applications to the growing number of third-party applications across the creative ecosystem.

Industry Overloaded

The continuing expansion of creative content has outgrown the industry’s ability to keep up with managing productivity, according to Anthony Welgemoed, CEO and co-founder of Ziflow. His company offers an online proofing and collaboration solution with over one million users.

“The volume of creative content being produced still keeps increasing,” he told TechNewsWorld.

For example, a video ad stays relevant for only five days. All of these creative teams are having to do more with the same resources, he offered.

But technology has responded with new solutions, some of which are starting to include artificial intelligence and machine learning. These new tools coming to the market are helping creators produce content faster and better.

Some of these platforms are web-based and provide some of their features for free. Two such solutions he mentioned are Figma and Canva. Figma is a web-based graphic design tool with a real-time collaborative interface. Canva is a platform used by graphic artists to edit and create custom designs in a team environment.

But as competitors to what Adobe and Frame.io offer, such products do not address the biggest bottleneck content designers face, observed Welgemoed.

“The review and approval of this content leaves great production teams with less time to be creative. So really, it is just a volume of content explosion that is still ongoing, as it has been for the last two decades,” he said.

Post-Production Video Team Solutions

Adobe’s acquisition of Frame.io will focus more awareness on the need for the industry to solve the growing content collaboration issues. More competition among content services is the endgame.

While Adobe’s latest acquisition will let it leverage Creative Cloud storage, other solutions are needed to help content designers with the reviewing and approval processes. Ziflow’s platform simplifies content review and approval with its online proofing software for marketers and creatives.

“We see two types of situations among content teams. Some design teams do not use anything at all. Others are still using back and forth email exchange,” said Welgemoed.

In most cases, content creators see Ziflow’s platform as a system of record for creative production teams. Ziflow has a copy of every version of content designers produce.

“We have every comment made by every content reviewer. So using all that data, we can start building models that we can then use to automate parts of that review process, and we believe this is where we can reduce that turnaround time very significantly by leveraging AI and ML,” he explained.
