Ransomware attacks targeting Linux are on the rise as cybercriminals seek to expand their capabilities and target an operating system that businesses often neglect when it comes to security.
Linux servers are indeed increasingly targeted by this type of attack, which aims to encrypt data to extort ransom, according to an analysis by cybersecurity researchers at Trend Micro.
According to Trend Micro, detections of cyberattacks targeting servers running this open source operating system have increased by 75% over the past year, indicating that cybercriminals are looking to expand their attacks beyond Windows operating systems.
Linux powers a significant share of corporate IT infrastructure, including servers, making it an attractive target for ransomware groups. The perception that Linux systems face fewer threats than Windows makes this target even more attractive to these cybercriminals. Security teams may well focus on protecting Windows networks from cybercrime, leaving the protection of their Linux servers in the background.
However, Trend Micro researchers note that ransomware gangs are increasingly tailoring their attacks to focus specifically on Linux systems. For example, LockBit, one of the most popular and effective ransomware families of recent times, now offers a Linux-based variant built specifically for these systems.
Cybercriminals are motivated by the prospect of new ransoms, so they do not hesitate to take advantage of new opportunities, such as these attacks on Linux environments, if they think these will help them make more money.
“They continue to evolve their business model by focusing their attacks even more precisely. That’s why it’s critical for organizations to better map, understand and protect their digital attack surface,” said John Clay, vice president of threat intelligence at Trend Micro.
Ransomware gangs aren’t the only ones showing growing interest in Linux. Malicious Linux-based cryptominers that allow cybercriminals to stealthily use the power of infected computers and servers to mine cryptocurrencies have grown by 145%, according to Trend Micro.
Cybercriminals manage to take over Linux systems for their own benefit by exploiting unpatched vulnerabilities. According to the report, these vulnerabilities include CVE-2022-0847, also known as Dirty Pipe. This vulnerability, which the researchers say is “relatively easy to exploit”, affects the Linux kernel from version 5.8 onwards and allows attackers to take control of vulnerable systems.
To protect yourself, we recommend that you install all security patches as soon as possible to prevent cybercriminals from exploiting known vulnerabilities for which patches are available. It is also recommended to use multi-factor authentication throughout your ecosystem to provide an additional layer of protection against attacks.