Behind the Nearest Cloud
Welcome
We in the Linux community are steeped in the conventional wisdom that Linux is much more secure than Windows. It is, of course, and it always has been, but then, that isn't saying much.
Dear Reader,
We in the Linux community are steeped in the conventional wisdom that Linux is much more secure than Windows. It is, of course, and it always has been, but then, that isn't saying much. The old versions of Windows that were around 20 years ago, when Linux was first starting to pick up steam, were really ridiculously insecure. Meanwhile, Microsoft kept bragging about how great Windows was and how you'd better be using it or you'd be left in the dust. The combination of Microsoft's engineering buffoonery and malicious marketing (they called Linux a cancer) gave the Linux community an attitude that remains to this day.
That attitude gave Linux developers an edge over the years when it came to competition and innovation, but the edge of attitude can be sharp and precipitous. Most Linux users are aware of the need to take standard security precautions, but there is also a tendency for denial among some of the Linux faithful about whether all that security advice really even applies to them. Ransomware? Privilege escalation? Must have been a Windows problem….
Well this isn't 2002 anymore. In many ways, Linux has already won the battle of the Internet. More Internet servers run Linux than any other system – even the Microsoft Azure cloud runs Linux servers. The pathetically low hanging fruit offered by systems like Windows 95 doesn't even exist anymore, which means that cybercriminals have to work harder to find a way inside. And once they start working harder, yes, they have found ways to get inside Linux.
The fact that Linux servers are so ubiquitous means that it is almost impossible for criminals to avoid them. In fact, it is getting to the point where cybercriminals need to attack Linux if they are going to continue to flourish. (OK, maybe "flourish" is too kind of a term, but you get my point.)
VMware's Threat Analysis Unit released a report recently about malware in Linux-based multi-cloud environments. The report [1], which is free for download if you enter your name and email address, focuses on ransomware and cryptomining attacks against cloud-based Linux instances. According to the report, "Threat actors know that current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to Linux-based attacks."
As you might expect, out-of-date and poorly managed Linux systems are considered the most vulnerable, but too often it seems that we don't really know which systems are "poorly managed" until it is too late. The report states that the most common threats "take advantage of weak authentication, vulnerabilities, and misconfigurations in container-based infrastructures to infiltrate the environment with remote access tools (RATs)."
Cobalt Strike is a commercial penetration testing tool that is also used by cybercriminals. The report outlines how attackers have implemented a Linux version of the Beacon implant used with Cobalt Strike in order to port the attack to Linux-based systems. Similar conversions are happening elsewhere as criminals adapt to a Linux-focused Internet.
The usual advice applies here as well as everywhere: Use strong passwords and keep your system up to date to prevent attackers from getting a foothold. But these time-honored measures aren't enough to protect your Linux cloud environment. The VMware team recommends "…complete visibility into all workloads with detailed system context that makes it easier to understand and prioritize mitigation efforts." They also say you should use an Endpoint Detection and Response (EDR) system that will monitor, collect data, and send automated alerts if anything is awry.
The important thing is, pay attention, and don't assume your Linux is safe just because it is safer than Windows. Linux might be the most secure system around, but you still need to do your homework, because danger is lurking behind the nearest cloud.
Joe Casad, Editor in Chief
Infos
- Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments: https://www.vmware.com/resources/security/exposing-malware-in-multi-cloud.html
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Juno Tab 3 Launches with Ubuntu 24.04
Anyone looking for a full-blown Linux tablet need look no further. Juno has released the Tab 3.
-
New KDE Slimbook Plasma Available for Preorder
Powered by an AMD Ryzen CPU, the latest KDE Slimbook laptop is powerful enough for local AI tasks.
-
Rhino Linux Announces Latest "Quick Update"
If you prefer your Linux distribution to be of the rolling type, Rhino Linux delivers a beautiful and reliable experience.
-
Plasma Desktop Will Soon Ask for Donations
The next iteration of Plasma has reached the soft feature freeze for the 6.2 version and includes a feature that could be divisive.
-
Linux Market Share Hits New High
For the first time, the Linux market share has reached a new high for desktops, and the trend looks like it will continue.
-
LibreOffice 24.8 Delivers New Features
LibreOffice is often considered the de facto standard office suite for the Linux operating system.
-
Deepin 23 Offers Wayland Support and New AI Tool
Deepin has been considered one of the most beautiful desktop operating systems for a long time and the arrival of version 23 has bolstered that reputation.
-
CachyOS Adds Support for System76's COSMIC Desktop
The August 2024 release of CachyOS includes support for the COSMIC desktop as well as some important bits for video.
-
Linux Foundation Adopts OMI to Foster Ethical LLMs
The Open Model Initiative hopes to create community LLMs that rival proprietary models but avoid restrictive licensing that limits usage.
-
Ubuntu 24.10 to Include the Latest Linux Kernel
Ubuntu users have grown accustomed to their favorite distribution shipping with a kernel that's not quite as up-to-date as other distros but that changes with 24.10.