Linux Ransomware, Cryptojacking, and Cobalt Strike Are Targeting Multi-Cloud Infrastructure

by Dawood Khan Masood, July 17th, 2022

Too Long; Didn't Read

Ransomware and cryptojacking attacks on Linux systems have grown significantly in recent months, according to a Trend Micro report. Researchers found that a cracked version of the penetration-testing tool Cobalt Strike is being used to launch more sophisticated attacks against Linux systems. The report also found that many of the attacks targeting Linux systems are being launched from multi-cloud infrastructure. Red Hat Enterprise Linux and SUSE Linux Enterprise Server are considered more secure than Ubuntu, says researcher Fernando Merces. If you suspect your system has been compromised, he recommends taking it offline immediately and contacting a reputable security firm.


Linux systems are increasingly being targeted by ransomware, cryptojacking, and other malicious attacks, according to a recent report compiled by security firm Trend Micro. The report found that ransomware and cryptojacking attacks on Linux systems have grown significantly in recent months. In addition, the researchers discovered that a cracked version of the penetration-testing tool Cobalt Strike is being used to launch more sophisticated attacks against Linux systems.


Trend Micro researcher Fernando Merces said:


"Linux systems are an attractive target for attackers due to their high level of flexibility and customization; this allows attackers to easily tailor their attacks to specific targets, making it more difficult for defenders to detect and block them."


The report also found that many of the attacks targeting Linux systems are being launched from multi-cloud infrastructure. Merces added that:


"An attacker can use cloud services to launch attacks more easily and anonymously. This is a major concern for enterprises that are using multi-cloud environments."


[Figure: behavior distribution of ELF files (image credit: ResearchGate)]


"We've been seeing an increase in attacks on the Linux side, especially against multi-cloud infrastructures. The majority of the incidents we encounter involve hypervisor misconfiguration or, at the server level, shared accounts, passwords, and improperly configured role-based access controls."


Credential theft is an effective entry point for attackers. While remote code execution is the most common method of breaching such systems, Merces says stolen credentials give attackers more time to explore a victim's network. In some cases, he has seen attackers spend weeks or months inside a target's network before launching the final attack.
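The shared accounts and credential problems described above can be checked for quickly on any Linux host. The script below is an added example, not code from the Trend Micro report or this article: it parses /etc/passwd and /etc/shadow content and reports more than one UID 0 account, interactive accounts with an empty password field, and accounts whose password hash has been copied verbatim between users (a typical sign of a shared credential). The sample passwd/shadow data, the account names and hashes, and the `audit_accounts` function are constructed assumptions for illustration.

```python
"""Audit /etc/passwd and /etc/shadow for shared or weak credentials.

Added example (not from the Trend Micro report). The PASSWD and SHADOW
strings below are constructed sample data, not taken from a real host.
"""
from collections import defaultdict

# Constructed sample: two UID 0 accounts, a passwordless service account,
# and two pairs of accounts that share an identical shadow hash.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup root:/root:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/bash
ops:x:1002:1002::/home/ops:/bin/bash
svc-backup:x:1003:1003::/var/backups:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

SHADOW = """\
root:$6$salt1$hashA:19555:0:99999:7:::
toor:$6$salt1$hashA:19555:0:99999:7:::
deploy:$6$salt2$hashB:19555:0:99999:7:::
ops:$6$salt2$hashB:19555:0:99999:7:::
svc-backup::19555:0:99999:7:::
nobody:*:19555:0:99999:7:::
"""

# Shells that cannot be used for an interactive login.
NOLOGIN = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")


def parse_passwd(text):
    """Map account name -> {uid, gid, home, shell} from passwd(5) lines."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, home, shell = line.split(":")
        users[name] = {"uid": int(uid), "gid": int(gid), "home": home, "shell": shell}
    return users


def parse_shadow(text):
    """Map account name -> password field from shadow(5) lines."""
    hashes = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, pw = line.split(":")[:2]
        hashes[name] = pw
    return hashes


def audit_accounts(passwd_text, shadow_text):
    """Return a sorted list of (finding, detail) tuples."""
    users = parse_passwd(passwd_text)
    hashes = parse_shadow(shadow_text)
    findings = []

    # 1. Any account besides root with UID 0 is a second, often undocumented, root.
    uid0 = sorted(n for n, u in users.items() if u["uid"] == 0)
    if len(uid0) > 1:
        findings.append(("duplicate-uid0", ",".join(uid0)))

    # 2. An empty password field on an account with a login shell means
    #    anyone who can reach a login prompt gets in without a secret.
    for name, pw in hashes.items():
        user = users.get(name)
        if pw == "" and user and user["shell"] not in NOLOGIN:
            findings.append(("empty-password", name))

    # 3. Identical hash strings (salt included) across accounts mean the
    #    entry was cloned: one stolen secret unlocks every such account.
    by_hash = defaultdict(list)
    for name, pw in hashes.items():
        if pw and not pw.startswith(("*", "!")):  # skip locked accounts
            by_hash[pw].append(name)
    for names in by_hash.values():
        if len(names) > 1:
            findings.append(("shared-password", ",".join(sorted(names))))

    return sorted(findings)


if __name__ == "__main__":
    # Run against the constructed sample; pass --live to read the real files
    # (reading /etc/shadow needs root).
    import sys
    if "--live" in sys.argv:
        with open("/etc/passwd") as f_p, open("/etc/shadow") as f_s:
            results = audit_accounts(f_p.read(), f_s.read())
    else:
        results = audit_accounts(PASSWD, SHADOW)
    for finding, detail in results:
        print(f"{finding}: {detail}")
```

The hash comparison deliberately requires the whole shadow field to match, salt included; two accounts that happen to use the same password but were set independently will have different salts and are not detectable this way without cracking, which this check does not attempt.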


Merces adds that:


"The good thing about Linux is that there are so many distributions and each one has its own way of handling packages. Some have better security than others."


For example, Red Hat Enterprise Linux and SUSE Linux Enterprise Server are considered more secure than Ubuntu, he says. He further adds:


"The bottom line is that if you're using Linux, you need to make sure it's up to date and that you have good security controls in place. It's also important to monitor your systems for any unusual activity."


If you suspect that your system has been compromised, he recommends taking it offline immediately and contacting a reputable security firm for help. "Don't try to fix it yourself," he says. "You could make things worse."


To protect yourself or your organization from these threats, Trend Micro recommends keeping Linux systems up to date with the latest security patches. In addition, it advises using a security solution that can detect and block malicious activity.
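As an added example of the monitoring recommended here (not code from Trend Micro or this article), the script below scores running processes against a few indicators that cryptojacking and post-exploitation tooling on Linux tend to leave: an executable launched from a world-writable directory, a binary unlinked from disk after it started, a name matching a commonly reported miner, and sustained high CPU. The indicator list, the point weights, the thresholds and the sample process records are constructed assumptions for illustration; the `--live` path reads the real process table through `ps` and /proc on a Linux host.

```python
"""Score processes against simple Linux cryptojacking indicators.

Added example (not from the Trend Micro report). SAMPLE_PROCS is a
constructed process table; MINER_HINTS, CPU_THRESHOLD and FLAG_SCORE are
assumptions chosen for illustration.
"""
import os
import subprocess

SUSPICIOUS_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")
# Assumption: names that commonly appear in public write-ups of Linux miners.
MINER_HINTS = ("xmrig", "minerd", "kdevtmpfsi", "kinsing")
CPU_THRESHOLD = 80.0   # assumption: percent CPU that deserves a second look
FLAG_SCORE = 2         # assumption: points needed before a process is reported

# Constructed sample records, not captured from a real host.
SAMPLE_PROCS = [
    {"pid": 1, "user": "root", "cpu": 0.1,
     "exe": "/usr/lib/systemd/systemd", "cmdline": "/sbin/init"},
    {"pid": 2310, "user": "www-data", "cpu": 97.5,
     "exe": "/tmp/.x/kdevtmpfsi", "cmdline": "kdevtmpfsi"},
    {"pid": 2409, "user": "deploy", "cpu": 1.2,
     "exe": "/dev/shm/.b (deleted)", "cmdline": "./b"},
    {"pid": 2500, "user": "postgres", "cpu": 91.0,
     "exe": "/usr/lib/postgresql/14/bin/postgres", "cmdline": "postgres: checkpointer"},
    {"pid": 2600, "user": "ops", "cpu": 45.0,
     "exe": "/usr/local/bin/xmrig", "cmdline": "xmrig -o pool.example:3333"},
]


def score_process(proc):
    """Return (score, reasons) for one process record."""
    reasons = []
    exe = proc["exe"]
    base = os.path.basename(exe.replace(" (deleted)", "")).lower()
    if exe.startswith(SUSPICIOUS_DIRS):
        reasons.append("executable lives in a world-writable directory")
    if exe.endswith("(deleted)"):
        # /proc/<pid>/exe carries this suffix when the binary was unlinked
        # after launch, a common trick to dodge on-disk scanning.
        reasons.append("executable was unlinked after launch")
    if any(h in base or h in proc["cmdline"].lower() for h in MINER_HINTS):
        reasons.append("name matches a known miner")
    if proc["cpu"] >= CPU_THRESHOLD:
        reasons.append("sustained high CPU")
    # Location, name and unlink indicators weigh 2 points each; CPU alone is
    # worth 1, so a busy but legitimate daemon such as a database is not reported.
    score = sum(1 if r == "sustained high CPU" else 2 for r in reasons)
    return score, reasons


def flag_processes(procs, threshold=FLAG_SCORE):
    """Return (pid, user, score, reasons) for every process at or above threshold."""
    flagged = []
    for proc in procs:
        score, reasons = score_process(proc)
        if score >= threshold:
            flagged.append((proc["pid"], proc["user"], score, reasons))
    return flagged


def live_procs():
    """Collect records from the running host via ps and /proc (Linux only).

    Note that ps %cpu is an average over the process lifetime, not the
    current load; for a long-running miner that is still a useful signal.
    """
    out = subprocess.run(["ps", "-eo", "pid=,user=,%cpu="],
                         capture_output=True, text=True, check=True).stdout
    procs = []
    for line in out.splitlines():
        pid, user, cpu = line.split()
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                cmdline = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            continue  # process exited, kernel thread, or not ours to inspect
        procs.append({"pid": int(pid), "user": user, "cpu": float(cpu),
                      "exe": exe, "cmdline": cmdline})
    return procs


if __name__ == "__main__":
    import sys
    procs = live_procs() if "--live" in sys.argv else SAMPLE_PROCS
    for pid, user, score, reasons in flag_processes(procs):
        print(f"pid {pid} ({user}) score {score}: {'; '.join(reasons)}")
```

On the constructed sample, the miner in /tmp, the unlinked binary in /dev/shm and the xmrig process are reported, while the busy PostgreSQL checkpointer scores only one point and is not. A check like this is a triage aid, not a substitute for the endpoint-level detection the report recommends; a renamed miner dropped in a normal path with throttled CPU would pass it.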


Organizations should also be aware of the increased risk of attack when using multi-cloud infrastructure. As Merces puts it:


"Attackers are constantly evolving their techniques, and enterprises must be prepared to defend against the latest threats. Utilizing a comprehensive security solution is the best way to protect your organization from these threats."