
More Linux Malware Means More Linux Monitoring

It’s time to forget about 2023 being “The Year of the Linux Desktop,” the popular slogan for Linux’s growing adoption. It is already the year of Linux malware.

Cybercriminals are now more interested in Linux because of its potentially high return on investment. Security countermeasures are designed to protect against Windows-based attacks, which leaves Linux exposed, especially in private cloud deployments.

The tide of malware attacks on Linux systems has turned for the worse. Linux has a reputation as one of the most secure systems, but that does not make it immune to user stupidity or corporate malfeasance.

A report published in January by Atlas VPN showed that Linux malware attacks reached a record high in 2022. A 50% increase in attack levels brought the total to 1.9 million infections. Recent malware monitoring indicates that the situation is getting worse.

Linux malware is becoming more prevalent as more devices and servers run the Linux OS. Linux is now exposed to the same risks as Windows and macOS. ChromeOS, the Linux-based OS that powers the Chromebooks widely used by schools and companies worldwide, does not offer any protection against browser- and email-based infiltration.

Linux users have been targeted for years. The frequency of attacks against them has fluctuated over the past few years due to a number of factors. Research shows that malware is decreasing on all platforms except Linux.

Joao Correia is a technical evangelist at TuxCare, a Linux automated patching service. Given the current trend of increasing Linux malware attacks, he observed that Linux users, in both business and personal computing, face ongoing challenges.

It is no longer true that Linux attacks only target servers. He warned that all Linux users are in the crosshairs.

It all comes down to data. “We changed the way we value data,” Correia told LinuxInsider. Data is more valuable today because it can be used to power artificial intelligence.

Killer Factors at Fault

Correia identifies the inability of enterprise IT to install patches quickly and regularly as a cause of Linux system intrusions. Attackers are attracted to Linux by the financial rewards they can reap from ransomware and stolen data.

A common practice that company executives impose on IT workers is delaying taking servers and workstations offline to apply essential system patches. Downtime for security maintenance must be scheduled in advance, often weeks ahead, to accommodate business peaks.


“You do not know for how long you are vulnerable to an attack. You need to fix this security hole as soon as possible. It is a blessing for malware authors to take five or even six weeks to fix those vulnerabilities,” Correia explained.

That delay allows breached systems to be accessed or taken over. It is a bad situation, especially if you don’t patch your system because you lack the authority to do so.

“This occurs a lot within the organization,” he said.

“Keep your systems updated. It is not enough to take a couple of months to fix a vulnerability. You’re giving that vulnerability way too much room to be exploited,” he warned.

Take the Log4j disclosure: he said that some systems are still vulnerable because companies take too long to patch them.

Worker Negligence Has Consequences

The growth of Linux malware is also driven by workers who are unaware or poorly trained. Correia cited the recent LastPass hack to make his point.

That intrusion occurred because an IT worker accessed the company’s systems from a home workstation running unpatched software. Not only was the IT worker’s home system compromised, but so were LastPass servers.

“So, when you put it all together, you’ll need to move data to a centralized location.” Correia explained that you need to audit and secure your computers, and allow access to them from different operating system types.

Cybersecurity experts, he said, often give the impression that everyone is following best practices and doing everything right.


“In reality, most companies are only struggling to do the basics. Most companies have a couple of IT people who are called in to help when the website fails, when emails look suspicious, etc. They do not have dedicated teams. They don’t have any best practices, disaster recovery plans or anything like that,” he stated.

Going Beyond the Linux Security Surface: Q&A

Joao Correia, TuxCare

Joao Correia, a LinuxInsider contributor, was asked to elaborate on the recent rise in Linux malware.

His insight shows the complexity of dealing with multi-platform computing. After years as a system administrator, he knows why people cannot or do not patch their computers every day: they cannot simply take systems down without stakeholders getting angry, and those stakeholders then see the downtime as just a cost, not a benefit to the company.

Linux should not be overlooked, even though it comes with built-in security.

LinuxInsider: How can enterprise Linux users better harden their operating systems?

Joao Correia: Patching more efficiently is a must if you want to cover the basics. You cannot rely on the same practices that you were using 20 years ago, when you had a fraction of the vulnerabilities that we have today — and you have to be faster in those types of things.

It is time to change how you patch. If patching your system is difficult because of the disruption, you should consider other methods. It is the bare minimum that you can do to improve your security.

How effective is live patching?

Correia: TuxCare provides KernelCare. This is an easy way to keep systems updated without any disruption. The software is updated without having to restart the services.

Why don’t more businesses do that?

Correia: Companies are not very good at adapting to new technologies. They are still patching the same way they were 20 years ago, when big monolithic servers were used and virtualization didn’t exist.

IT security is a very different landscape than even a few short years ago. It is important to change your way of doing things in order to survive.


This is just a basic overview of the advanced tools and scanners available. You are simply covering all your bases with the latest software. In the end, malicious actors who create viruses, malware and ransomware look for a way to easily enter a computer system. You can patch all of the other holes, but if you leave one, then they will get in.

Does enterprise Linux have a greater attack surface than personal Linux or Linux off-site users?

Correia: The attack surface is identical. The Linux kernel is the same, and the software versions are likely the same as on enterprise computers. The only difference is the lack of security measures, such as traffic analysis and application firewalls, that would be present on an enterprise network.

On the other hand, you may not have nearly as much data at home. Even though you may be less secure, a malicious threat actor will have less to gain from you because they can extract less value.

What is the security status for Chromebooks that run ChromeOS, a Linux-based operating system?

Correia: Google added some special sauce that enhances Chromebooks’ security. These include sandboxing, user account separation, and secure booting. You can do all that on Linux. Now you can have the Linux system using the same kinds of security mechanisms as ChromeOS. Open-source tools that provide the same security can be added to Linux.
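The answer above says that user account separation and secure booting can be verified on a regular Linux machine with open-source tools. The following POSIX shell script is an added example, not code from the article, TuxCare or Google: it implements two such checks as functions that take their input as parameters, so they can be exercised on constructed samples here and pointed at the real files on a host. It assumes the standard `/etc/passwd` layout and the UEFI `SecureBoot` variable layout exposed by the Linux `efivars` filesystem (four attribute bytes followed by one data byte).

```shell
#!/bin/sh
# Added example (not from the article, TuxCare or Google): two checks for
# ChromeOS-style protections on a regular Linux host. Both take their input as
# a parameter or stdin so they can be run on constructed samples.

# Check 1: user account separation. Print every account that shares UID 0 with
# root. On a well-separated system this prints nothing.
# Input: /etc/passwd-format lines on stdin.
find_extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Check 2: Secure Boot state. The UEFI SecureBoot variable, exposed under
# /sys/firmware/efi/efivars as SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c,
# holds 4 attribute bytes followed by one data byte: 1 = enabled, 0 = disabled.
# Returns 0 (true) when that byte is 1. The path is a parameter so a constructed
# file can stand in for the real variable.
secure_boot_enabled() {
    [ -r "$1" ] || return 1
    byte=$(od -An -t u1 -j 4 -N 1 "$1" | tr -d ' ')
    [ "$byte" = "1" ]
}

# Constructed sample of /etc/passwd (not real host data): "toor" shares UID 0.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0::/root:/bin/sh'

# Constructed SecureBoot variable contents: attributes 06 00 00 00, data 01.
make_sample_efivar() {
    printf '\006\000\000\000\001' > "$1"
}

# Stand-alone run on the constructed data. On a real host use instead:
#   find_extra_uid0_accounts < /etc/passwd
#   secure_boot_enabled /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
echo "accounts sharing UID 0 with root:"
printf '%s\n' "$SAMPLE_PASSWD" | find_extra_uid0_accounts
tmp=$(mktemp)
make_sample_efivar "$tmp"
if secure_boot_enabled "$tmp"; then
    echo "Secure Boot: enabled"
else
    echo "Secure Boot: disabled"
fi
rm -f "$tmp"
```

Both functions return shell status codes, so they can be dropped into a cron job or configuration-management check that fails loudly when a second UID 0 account appears or Secure Boot is found disabled. Sandboxing, the third protection mentioned, is application-specific and is not covered by this script.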

What can Linux novices do to further secure their use of the Linux OS?

Correia: It may not be in the box. It may take some tweaking to get it. With all the core functionality available on one side, it is possible to do the same on the opposite side.

Installing the required applications for your Linux distribution is easy. ChromeOS is not a magic OS. ChromeOS might not have these settings set up, but you can achieve the same level on a regular Linux machine.

You stressed that Linux enterprise users must adhere to the security basics. What are the basics for Linux users?

Correia: Maintaining your system is a good example. You should update your system immediately if you receive a notification that an update is pending. Most often, these updates will contain important security patches.

The default security settings in most Linux distributions are quite secure. Although they may not be up to government standards of security, you’ll still have some security features built in as long as you keep your operating system updated.

Linux users who are not in business will sometimes need to restart their system to apply the updates. Do not wait to restart your computer. As soon as the updates are released, install them.
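The advice above (install updates as soon as they arrive, and reboot when they need it) and the earlier point about live patching both come down to knowing two things: how many pending updates are security fixes, and whether the kernel actually running is the newest one installed. The POSIX shell script below is an added example, not code from the article or TuxCare, that answers both questions. It assumes the Debian/Ubuntu `apt list --upgradable` output format and kernel release strings like those produced by `uname -r`; the package names, versions and kernel releases in it are constructed samples.

```shell
#!/bin/sh
# Added example (not from the article or TuxCare): measure the "patch promptly"
# advice. count_security_updates parses `apt list --upgradable` output (Debian/
# Ubuntu format assumed) and counts packages coming from a -security suite.
# needs_reboot compares the running kernel with the installed kernels: when a
# newer kernel is installed but not running, its fixes are not active until the
# host reboots or the kernel is live-patched.

# Count upgradable packages whose source suite is a -security pocket.
# stdin: the text of `apt list --upgradable`.
count_security_updates() {
    grep -c -E '^[^/]+/[^ ]*-security ' || true
}

# Compare two dotted/dashed version strings field by field; prints -1, 0 or 1.
# Numeric fields are compared as numbers so that 10 > 9; other fields as text.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, /[.-]/); nb = split(b, B, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] : "0"; y = (i <= nb) ? B[i] : "0"
            if (x ~ /^[0-9]+$/ && y ~ /^[0-9]+$/) { x += 0; y += 0 }
            if (x < y) { print "-1"; exit }
            if (x > y) { print "1"; exit }
        }
        print "0"
    }'
}

# Returns 0 (true) if any installed kernel release is newer than the running one.
# Args: $1 = running release (as from `uname -r`), remaining = installed releases.
needs_reboot() {
    running="$1"; shift
    for k in "$@"; do
        [ "$(vercmp "$k" "$running")" = "1" ] && return 0
    done
    return 1
}

# Constructed sample of `apt list --upgradable` output (not real host data).
SAMPLE_APT='Listing... Done
libssl3/jammy-security 3.0.2-0ubuntu1.12 amd64 [upgradable from: 3.0.2-0ubuntu1.10]
openssl/jammy-security 3.0.2-0ubuntu1.12 amd64 [upgradable from: 3.0.2-0ubuntu1.10]
vim/jammy-updates 2:8.2.3995-1ubuntu2.15 amd64 [upgradable from: 2:8.2.3995-1ubuntu2.13]'

# Constructed kernel inventory: a newer kernel is installed, the older one runs.
RUNNING_KERNEL='5.15.0-91-generic'
INSTALLED_KERNELS='5.15.0-91-generic 5.15.0-94-generic'

# Stand-alone run on the constructed data. On a real Debian/Ubuntu host use:
#   apt list --upgradable 2>/dev/null | count_security_updates
#   needs_reboot "$(uname -r)" $(ls /boot | sed -n 's/^vmlinuz-//p')
echo "pending security updates: $(printf '%s\n' "$SAMPLE_APT" | count_security_updates)"
if needs_reboot "$RUNNING_KERNEL" $INSTALLED_KERNELS; then
    echo "running $RUNNING_KERNEL but a newer kernel is installed: reboot or live-patch"
else
    echo "running kernel is the newest installed"
fi
```

A non-zero security update count or a true `needs_reboot` is the signal that the window Correia describes is open; a monitoring job that alerts on either turns the "days, not weeks" rule into something that can be tracked per host.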

Prioritize Security, Regardless of the Platform

The cybersecurity threat landscape is evolving as well. Linux has long been considered a safe operating system, but the recent surge of malware attacks highlights the need for constant monitoring. Users in both the enterprise and home sectors face increasing complexity that they cannot ignore.

Patching will always be a vital line of defense. Joao Correia says that the security basics are also in need of a fresh look. Not only are there new threats, but also outdated security practices that no longer work in an ever-changing environment.

Linux security is a complex issue with many different aspects. From the individual employee’s responsibility to the corporate IT department, Linux security is an important challenge. It’s more than just installing advanced firewalls or vulnerability scanners. It’s also about creating a security culture that adapts to the new threats that emerge.

Ultimately, the key takeaway is clear: No operating system is invincible, and it’s crucial for Linux users — whether running enterprise servers or personal laptops — to stay informed, be proactive, and prioritize security as an ongoing process rather than a one-time setup.