Outdated Linux Versions, Misconfigurations Triggering Cloud Attacks: Report

The “Linux Threat Report 2021 1H” from Trend Micro found that Linux cloud operating systems are heavily targeted for cyberattacks, with nearly 13 million detections in the first half of this year. As organizations expand their footprint in the cloud, correspondingly, they are exposed to the pervasive threats that exist in the Linux landscape.

This latest threat report, released Aug. 23, provides an in-depth look at the Linux threat landscape. It discusses several pressing security issues that affect Linux running in the cloud.

Among the key findings: Linux is powerful, universal, and dependable, but not devoid of flaws, according to the researchers. Like other operating systems, it remains susceptible to attacks.

Linux in the cloud powers most infrastructures, and Linux users make up the majority of the Trend Micro Cloud One enterprise customer base at 61 percent, compared to 39 percent Windows users.

The data comes from the Trend Micro Smart Protection Network (SPN), the data reservoir for all detections across all of Trend Micro’s products. The results show enterprise Linux at considerable risk from system configuration mistakes and outdated Linux distributions.

For instance, data from internet scan engine Censys.io revealed nearly 14 million results for exposed devices running any sort of Linux operating system on July 6, 2021. A search in Shodan for port 22, the port commonly used for Secure Shell Protocol (SSH) on Linux-based machines, showed almost 19 million exposed devices detected as of July 27, 2021.

As with any operating system, security depends entirely on how you use, configure, or manage it. Each new Linux update tries to improve security. However, to get the value you must enable and configure it correctly, cautioned Joseph Carson, chief security scientist and advisory CISO at Thycotic.

“The state of Linux security today is rather good and has evolved in a positive way, with much more visibility and security features built-in. Nevertheless, like many operating systems, you must install, configure, and manage it with security in mind — as how cybercriminals take advantage is the human touch,” he told LinuxInsider.

Top Linux Threats

The Trend Micro Report disclosed rampant malware families within Linux systems. Unlike previous reports based on malware types, this study focused on the prevalence of Linux as an operating system and the pervasiveness of the various threats and vulnerabilities that stalk the OS.

That approach showed that the top three threat detections originated in the U.S. (almost 40 percent), Thailand (19 percent), and Singapore (14 percent).

Detections arose from systems running end-of-life versions of Linux distributions. The four expired distributions were from CentOS versions 7.4 to 7.9 (almost 44 percent), CloudLinux Server (more than 40 percent), and Ubuntu (about 7 percent).

Trend Micro tracked more than 13 million malware events flagged from its sensors. Researchers then compiled a list of the prominent threat types consolidated from the top 10 malware families affecting Linux servers from Jan. 1 to June 30, 2021.

The top threat types found in Linux systems in the first half of 2021 are:

  • Coinminers (24.56 percent)
  • Web shell (19.92 percent)
  • Ransomware (11.56 percent)
  • Trojans (9.56 percent)
  • Others (3.15 percent)

The top four Linux distributions where the top threat types in Linux systems were found in H1-2021 are:

  • CentOS Linux (50.80 percent)
  • CloudLinux Server (31.24 percent)
  • Ubuntu Server (9.56 percent)
  • Red Hat Enterprise Linux Server (2.73 percent)

Top malware families include:

  • Coinminers (25 percent)
  • Web shells (20 percent)
  • Ransomware (12 percent)

CentOS Linux and CloudLinux Server are the Linux distributions where these threat types were found most often, while web application attacks are the most common attack vector.

Web Apps Top Targets

Most of the applications and workloads exposed to the internet run web applications. Web application attacks are among the most common attack vectors in Trend Micro’s telemetry, said researchers.

If launched successfully, web app attacks allow hackers to execute arbitrary scripts and compromise secrets. Web app attacks also can modify, extract, or destroy data. The research shows that 76 percent of the attacks are web-based.

The LAMP stack (Linux, Apache, MySQL, PHP) made it inexpensive and easy to create web applications. In a very real way, it democratized the internet so anyone can set up a web application, according to John Bambenek, threat intelligence advisor at Netenrich.

“The problem with that is that anyone can set up a web app. While we are still waiting for the year of Linux on the desktop, it is important for organizations to use best practices for their web presences. Typically, this means staying on top of CMS patches/updates and routine scanning with even open-source tools (like the Zed Attack Proxy) to find and remediate SQL injection vulnerabilities,” he told LinuxInsider.

The report referenced the Open Web Application Security Project (OWASP) top 10 security risks, in which injection flaws and cross-site scripting (XSS) attacks remain as high as ever. What strikes Trend Micro researchers as significant is the high number of insecure deserialization vulnerabilities.

This is partly due to the ubiquity of Java and deserialization vulnerabilities in it, according to Trend Micro. Its report also noted the Liferay Portal, Ruby on Rails, and Red Hat JBoss deserialization vulnerabilities as being prominent.

Attackers also try to exploit broken authentication vulnerabilities to gain unauthorized access to systems. The number of command injection hits also came as a surprise, as it is higher than Trend Micro’s analysts expected.

Expected Trend

It is no surprise that the majority of these attacks are web-based. Every website is different, written by different developers with different skill sets, observed Shawn Smith, director of infrastructure at nVisium.

“There is a wide range of different frameworks across a multitude of languages with various components that all have their own advantages and drawbacks. Combine this with the fact that not all developers are security gurus, and you’ve got an incredibly alluring target,” he told LinuxInsider.

Web servers are one of the most common services to expose to the internet because most of the world interacts with the internet through websites. There are other areas exposed — like FTP or IRC servers — but the vast majority of the world is using websites as their main contact point to the internet.

“As a result, this is where attackers will focus to get the biggest return on investment for their time spent,” Smith said.

OSS Linked to Supply Chain Attacks

Software supply chains must be secured to deal with the Linux attack landscape as well, noted the Trend Micro report. Attackers can insert malicious code to compromise software components of third-party suppliers. That code then connects to a command-and-control server to download and deploy backdoors and other malicious payloads within the system.

This can lead to remote code execution on an enterprise’s systems and computing resources. Supply chain attacks can also come from misconfigurations, which are the second top incident type in cloud-native environments, according to the Trend Micro report. More than 56 percent of their survey respondents had a misconfiguration or known unpatched vulnerability incident involving their cloud-native applications.

Hackers are having an easy time. “The major attack types on web-based applications have remained constant over the recent past. That, combined with the rising time-to-fix and declining remediation rates, makes the hackers’ job easier,” said Setu Kulkarni, vice president of strategy at NTT Application Security.

Organizations need to test applications in production, figuring out what their top three-to-five vulnerability types are. Then launch a targeted campaign to address them, rinse, and repeat, he recommended.

The “Linux Threat Report 2021 1H” is available here.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics.

Kids’ Screen Use Sees Fastest Rise in 4 Years

Isolation from friends and other factors during the pandemic contributed to a significant increase in screen use by tweens and teens from pre-pandemic levels.

Common Sense Media, a nonprofit organization dedicated to improving the lives of all kids and families, in March released a detailed report showing that screen use in 2021 increased far faster than it had in the previous four years. For tweens, the growth in usage was six times greater in the past two years.

The pandemic was likely a major contributor to changes in screen use. Platforms like TikTok have continued to swell in popularity and may also be driving increased use, according to the study.

Researchers sought details on whether there were any lasting differences in young people’s use of screen media as society began to open up again in the fall of 2021. They focused on U.S. tweens (ages eight to 12) and teens (ages 13 to 18) and the time they spent using digital devices apart from time spent doing online classes and homework.

Total entertainment screen use among tweens and teens, per day, 2015 to 2021

2021 Common Sense Census: Media Use by Tweens and Teens

Entertainment screen use includes time spent watching television and online videos, playing video games, using social media, browsing websites, creating content, e-reading, and other digital activities. In 2021, time spent reading ebooks was included in the total for the first time (accounting for six minutes among tweens and eight among teens), and time spent watching movies in movie theaters and using an iPod Touch were not included (these had accounted for seven minutes among tweens and six minutes among teens in 2019). Source: Common Sense Media

Results show no dramatic changes in the overall patterns of media use by tweens and teens in terms of the types of devices used. The amount of time they devote to non-school screen activities rose significantly, as social media use spread somewhat among younger age groups.

Online videos have cemented their place at the top of young people’s media hierarchies. However, video gaming did not increase dramatically during the pandemic. The top activities remain the same — online videos, gaming, and social media. Also, the general patterns between tweens and teens, or boys and girls, have continued.

Media can be used in positive or negative ways. Vulnerable kids are overusing media, or using media in ways that contribute to mental health issues, according to Mike Robb, senior director of research at Common Sense Media.

“We need to be able to identify and support those kids. But there are also kids out there who are using media to keep their mood up, to connect with friends, or to support their mental health. We need to make sure that we are not reflexively demonizing all screen time,” he told TechNewsWorld.

“It really depends on who is using it, what they are using, and to satisfy what needs.”

More Media Use Findings

The report found eight major results compared to the last media use report prior to the pandemic in 2019. Common Sense Media’s study is the only nationally representative survey tracking media use patterns among a truly random sample of eight- to 18-year-olds in the United States, according to James P. Steyer, founder and CEO of Common Sense Media.

Site teens wouldn’t want to live without, 2021

Among the 79% of 13- to 18-year-olds who are regular users of social media and online videos (use at least once a week), percent who choose each site as the one they wouldn’t want to live without.

Source: Common Sense Media

In addition to the results cited above, researchers found:

  • If forced to choose, teens say YouTube is the site that they would not want to live without. In fact, watching online videos is the favorite media activity of both groups, among both boys and girls and across racial/ethnic groups and income levels.
  • Social media use is growing among eight- to 12-year-olds. Thirty-eight percent of tweens used social media (up from 31 percent in 2019). Nearly one in five (18 percent) said they now use social media daily (up from 13 percent since 2019).
  • Teens now spend nearly an hour and a half per day using social media but have conflicted feelings about the medium. Even though teens devote a lot of time to social media, they do not enjoy it as much as they do other types of media.
  • The top five social media sites teens have ever used are Instagram (53 percent), Snapchat (49 percent), Facebook (30 percent), Discord (17 percent), and Twitter (16 percent).
  • Tweens and teens vary substantially in the average amount of screen media they engage in each day. Boys use more screen media than girls. Black and Hispanic/Latino kids use more than White kids do. Children from lower-income households use more than those in higher-income homes.
  • Children consumed more media overall through the pandemic than prior to 2019 except for one source: reading did not increase in usage.
  • Nearly half of all teens listened to podcasts, and one in five said they do so at least once a week. They engage with a wide variety of media types, including media based primarily on the spoken word.
  • Large numbers of Black and Hispanic/Latino children and children in lower-income households still do not have access to a computer at home. This is one of the most basic building blocks of digital equity.

Alarming Results

Robb was struck by the stark increase in the amount of screen time over the past two years compared to the four years prior to the pandemic. From 2015 to 2019, media use for tweens grew only three percent. For teens, it grew by 11 percent.

However, from 2019 to 2021 alone, media use grew by close to 20 percent for both tweens and teens. That is almost six times the growth we saw before the pandemic for tweens alone.

“I am also struck by the fact that 38 percent of tweens have used social media, despite the fact that most platforms are not meant to be used by people under the age of 13,” he noted.

Top entertainment screen media activities among tweens and teens, 2021

Video games refers to games played on a console, computer, or portable game player. Mobile games refers to games played on a smartphone or tablet. Source: Common Sense Media

What kids do with media is as important or more important than how much time they spend with media, Robb offered. If kids are using good content, using technology to socialize and hang out with their friends, and using tech to express themselves, then he does not think we need to worry about time so much.

“It is when media use is replacing important activities, like socializing, spending quality time with family, or sleeping, that I get concerned,” he said.

Researchers’ Take

Researchers noted that they were surprised to find no drastic expansions of new tablet and smartphone distributions among tweens and teens. The survey does not indicate that this happened, they said.

“We are beginning to see a modest trend toward the use of social media at earlier ages. This is especially interesting given the ongoing debates about the impact of social media on young people’s well-being,” they wrote.

The other new media product pushed by Facebook (now Meta) is immersive media, accessed through virtual reality. The increase in time is for entertainment media only, not for school, remote learning, or homework, clarified Robb.

At this point, the use of the new medium has been slow to catch on; slower, in fact, than the growth of podcasts, the report notes.

“I keep wondering if we will hit a ceiling of media use at some point, but so far we have not,” Robb added.

Changing Views on Kids’ Impact

A recent study (Rideout & Robb, 2021) shows that many young people used their digital devices during the pandemic to socialize with friends online, learn about things they were interested in, and create and share their own content. This work suggests that parents and educators should be careful of demonizing kids’ screen time consumption, Common Sense Media’s Steyer wrote in the report’s conclusion.

“It clearly played an important role for many tweens and teens during the pandemic,” he added.

This latest survey of kids’ media use shows that activities like content creation, video-chatting, and reading online occur frequently among young people and are important and meaningful to them. But that increased screen time still constitutes a tiny fraction of overall screen use, cautioned Steyer.

“In the end, the amount of time young people devote to content produced by others still dominates overwhelmingly, whether it is content they watch, read, play with, or scroll through. Given the huge amounts of time children give to media, it’s all the more important to elevate quality media by creating and highlighting the shows, games, apps, and books that engage, inspire, and provide positive representations,” he concluded.

The 2021 Common Sense Census: Media Use by Tweens and Teens report is available here.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics.
