Behind the Nearest Cloud
Welcome
![](/var/linux_magazin/storage/images/issues/2022/257/welcome/casad_joe_2.png/801151-1-eng-US/Casad_Joe_2.png_medium.png)
We in the Linux community are steeped in the conventional wisdom that Linux is much more secure than Windows. It is, of course, and it always has been, but then, that isn't saying much.
Dear Reader,
We in the Linux community are steeped in the conventional wisdom that Linux is much more secure than Windows. It is, of course, and it always has been, but then, that isn't saying much. The old versions of Windows that were around 20 years ago, when Linux was first starting to pick up steam, were really ridiculously insecure. Meanwhile, Microsoft kept bragging about how great Windows was and how you'd better be using it or you'd be left in the dust. The combination of Microsoft's engineering buffoonery and malicious marketing (they called Linux a cancer) gave the Linux community an attitude that remains to this day.
That attitude gave Linux developers an edge over the years when it came to competition and innovation, but the edge of attitude can be sharp and precipitous. Most Linux users are aware of the need to take standard security precautions, but there is also a tendency for denial among some of the Linux faithful about whether all that security advice really even applies to them. Ransomware? Privilege escalation? Must have been a Windows problem….
Well this isn't 2002 anymore. In many ways, Linux has already won the battle of the Internet. More Internet servers run Linux than any other system – even the Microsoft Azure cloud runs Linux servers. The pathetically low hanging fruit offered by systems like Windows 95 doesn't even exist anymore, which means that cybercriminals have to work harder to find a way inside. And once they start working harder, yes, they have found ways to get inside Linux.
The fact that Linux servers are so ubiquitous means that it is almost impossible for criminals to avoid them. In fact, it is getting to the point where cybercriminals need to attack Linux if they are going to continue to flourish. (OK, maybe "flourish" is too kind of a term, but you get my point.)
VMware's Threat Analysis Unit released a report recently about malware in Linux-based multi-cloud environments. The report [1], which is free for download if you enter your name and email address, focuses on ransomware and cryptomining attacks against cloud-based Linux instances. According to the report, "Threat actors know that current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to Linux-based attacks."
As you might expect, out-of-date and poorly managed Linux systems are considered the most vulnerable, but too often it seems that we don't really know which systems are "poorly managed" until it is too late. The report states that the most common threats "take advantage of weak authentication, vulnerabilities, and misconfigurations in container-based infrastructures to infiltrate the environment with remote access tools (RATs)."
Cobalt Strike is a commercial penetration testing tool that is also used by cybercriminals. The report outlines how attackers have implemented a Linux version of the Beacon implant used with Cobalt Strike in order to port the attack to Linux-based systems. Similar conversions are happening elsewhere as criminals adapt to a Linux-focused Internet.
The usual advice applies here as well as everywhere: Use strong passwords and keep your system up to date to prevent attackers from getting a foothold. But these time-honored measures aren't enough to protect your Linux cloud environment. The VMware team recommends "…complete visibility into all workloads with detailed system context that makes it easier to understand and prioritize mitigation efforts." They also say you should use an Endpoint Detection and Response (EDR) system that will monitor, collect data, and send automated alerts if anything is awry.
The important thing is, pay attention, and don't assume your Linux is safe just because it is safer than Windows. Linux might be the most secure system around, but you still need to do your homework, because danger is lurking behind the nearest cloud.
Joe Casad, Editor in Chief
Infos
- Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments: https://www.vmware.com/resources/security/exposing-malware-in-multi-cloud.html
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
![Learn More](https://www.linux-magazine.com/var/linux_magazin/storage/images/media/linux-magazine-eng-us/images/misc/learn-more/834592-1-eng-US/Learn-More_medium.png)
News
-
NVIDIA Released Driver for Upcoming NVIDIA 560 GPU for Linux
Not only has NVIDIA released the driver for its upcoming CPU series, it's the first release that defaults to using open-source GPU kernel modules.
-
OpenMandriva Lx 24.07 Released
If you’re into rolling release Linux distributions, OpenMandriva ROME has a new snapshot with a new kernel.
-
Kernel 6.10 Available for General Usage
Linus Torvalds has released the 6.10 kernel and it includes significant performance increases for Intel Core hybrid systems and more.
-
TUXEDO Computers Releases InfinityBook Pro 14 Gen9 Laptop
Sporting either AMD or Intel CPUs, the TUXEDO InfinityBook Pro 14 is an extremely compact, lightweight, sturdy powerhouse.
-
Google Extends Support for Linux Kernels Used for Android
Because the LTS Linux kernel releases are so important to Android, Google has decided to extend the support period beyond that offered by the kernel development team.
-
Linux Mint 22 Stable Delayed
If you're anxious about getting your hands on the stable release of Linux Mint 22, it looks as if you're going to have to wait a bit longer.
-
Nitrux 3.5.1 Available for Install
The latest version of the immutable, systemd-free distribution includes an updated kernel and NVIDIA driver.
-
Debian 12.6 Released with Plenty of Bug Fixes and Updates
The sixth update to Debian "Bookworm" is all about security mitigations and making adjustments for some "serious problems."
-
Canonical Offers 12-Year LTS for Open Source Docker Images
Canonical is expanding its LTS offering to reach beyond the DEB packages with a new distro-less Docker image.
-
Plasma Desktop 6.1 Released with Several Enhancements
If you're a fan of Plasma Desktop, you should be excited about this new point release.