Behind the Nearest Cloud
Welcome

We in the Linux community are steeped in the conventional wisdom that Linux is much more secure than Windows. It is, of course, and it always has been, but then, that isn't saying much.
Dear Reader,
We in the Linux community are steeped in the conventional wisdom that Linux is much more secure than Windows. It is, of course, and it always has been, but then, that isn't saying much. The old versions of Windows that were around 20 years ago, when Linux was first starting to pick up steam, were really ridiculously insecure. Meanwhile, Microsoft kept bragging about how great Windows was and how you'd better be using it or you'd be left in the dust. The combination of Microsoft's engineering buffoonery and malicious marketing (they called Linux a cancer) gave the Linux community an attitude that remains to this day.
That attitude gave Linux developers an edge over the years when it came to competition and innovation, but the edge of attitude can be sharp and precipitous. Most Linux users are aware of the need to take standard security precautions, but there is also a tendency for denial among some of the Linux faithful about whether all that security advice really even applies to them. Ransomware? Privilege escalation? Must have been a Windows problem….
Well this isn't 2002 anymore. In many ways, Linux has already won the battle of the Internet. More Internet servers run Linux than any other system – even the Microsoft Azure cloud runs Linux servers. The pathetically low hanging fruit offered by systems like Windows 95 doesn't even exist anymore, which means that cybercriminals have to work harder to find a way inside. And once they start working harder, yes, they have found ways to get inside Linux.
The fact that Linux servers are so ubiquitous means that it is almost impossible for criminals to avoid them. In fact, it is getting to the point where cybercriminals need to attack Linux if they are going to continue to flourish. (OK, maybe "flourish" is too kind of a term, but you get my point.)
VMware's Threat Analysis Unit released a report recently about malware in Linux-based multi-cloud environments. The report [1], which is free for download if you enter your name and email address, focuses on ransomware and cryptomining attacks against cloud-based Linux instances. According to the report, "Threat actors know that current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to Linux-based attacks."
As you might expect, out-of-date and poorly managed Linux systems are considered the most vulnerable, but too often it seems that we don't really know which systems are "poorly managed" until it is too late. The report states that the most common threats "take advantage of weak authentication, vulnerabilities, and misconfigurations in container-based infrastructures to infiltrate the environment with remote access tools (RATs)."
Cobalt Strike is a commercial penetration testing tool that is also used by cybercriminals. The report outlines how attackers have implemented a Linux version of the Beacon implant used with Cobalt Strike in order to port the attack to Linux-based systems. Similar conversions are happening elsewhere as criminals adapt to a Linux-focused Internet.
The usual advice applies here as well as everywhere: Use strong passwords and keep your system up to date to prevent attackers from getting a foothold. But these time-honored measures aren't enough to protect your Linux cloud environment. The VMware team recommends "…complete visibility into all workloads with detailed system context that makes it easier to understand and prioritize mitigation efforts." They also say you should use an Endpoint Detection and Response (EDR) system that will monitor, collect data, and send automated alerts if anything is awry.
The important thing is, pay attention, and don't assume your Linux is safe just because it is safer than Windows. Linux might be the most secure system around, but you still need to do your homework, because danger is lurking behind the nearest cloud.
Joe Casad, Editor in Chief
Infos
- Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments: https://www.vmware.com/resources/security/exposing-malware-in-multi-cloud.html
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Direct Download
Read full article as PDF:
Price $2.95
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
News
-
Escuelas Linux 8.0 is Now Available
Just in time for its 25th anniversary, the developers of Escuelas Linux have released the latest version.
-
LibreOffice 7.5 has Arrived Loaded with New Features and Improvements
The favorite office suite of the Linux community has a new release that includes some visual refreshing and new features across all modules.
-
The Next Major Release of Elementary OS Has Arrived
It's been over a year since the developers of elementary OS released version 6.1 (Jólnir) but they've finally made their latest release (Horus) available with a renewed focus on the user.
-
KDE Plasma 5.27 Beta Is Ready for Testing
The latest beta iteration of the KDE Plasma desktop is now available and includes some important additions and fixes.
-
Netrunner OS 23 Is Now Available
The latest version of this Linux distribution is now based on Debian Bullseye and is ready for installation and finally hits the KDE 5.20 branch of the desktop.
-
New Linux Distribution Built for Gamers
With a Gnome desktop that offers different layouts and a custom kernel, PikaOS is a great option for gamers of all types.
-
System76 Beefs Up Popular Pangolin Laptop
The darling of open-source-powered laptops and desktops will soon drop a new AMD Ryzen 7-powered version of their popular Pangolin laptop.
-
Nobara Project Is a Modified Version of Fedora with User-Friendly Fixes
If you're looking for a version of Fedora that includes third-party and proprietary packages, look no further than the Nobara Project.
-
Gnome 44 Now Has a Release Date
Gnome 44 will be officially released on March 22, 2023.
-
Nitrux 2.6 Available with Kernel 6.1 and a Major Change
The developers of Nitrux have officially released version 2.6 of their Linux distribution with plenty of new features to excite users.