Analysts reviewed 13 million security incidents and found that end-of-life versions of Linux distributions were at the biggest risk.
Linux now has been around long enough that old versions are causing security problems, according to a new report from Trend Micro. Security analysts found that 44% of security breach detections came from CentOS versions 7.4 to 7.9, followed by CloudLinux Server, which had more than 40% of the detections, and Ubuntu with about 7%. CentOS 7 was first released in June 2014 and full support ended in August 2019.
Trend Micro detection data from the Linux Threat Report 2021 1H shows the top 4 Linux distributions where the top threat types were found:
- CentOS Linux: 51%
- CloudLinux Server: 31%
- Ubuntu Server: 10%
- Red Hat Enterprise Linux: 3%
Trend Micro analyzed more than 13 million security events to identify the top 10 malware families and most common threat types. The top 5 threat types affecting Linux servers from Jan. 1 to June 30 were:
- Coin Miners: 25%
- Web shells: 20%
- Ransomware: 12%
- Trojans: 10%
- Others: 3%
About 40% of the detections came from the U.S., followed by Thailand and Singapore with 19% and 14%.
The data from the report comes from Trend Micro's monitoring data from its security products and from honeypots, sensors, anonymized telemetry and other backend services. Trend Micro sees this data as an illustration of the real-world prevalence of malware and vulnerability exploitation in large and small companies across multiple industries.
Most common OWASP and non-OWASP attacks
The report looked at web-based attacks that fit in the Open Web Application Security Project top 10 list as well as common attacks that are not on the list. The most common OWASP attacks are:
- SQL injection: 27%
- Command injection: 23%
- XSS: 22%
- Insecure deserialization: 18%
- XML external entity: 6%
- Broken authentication: 4%
The data showed that injection flaws and cross-site scripting attacks are as high as ever. The report authors also noted the high number of insecure deserialization vulnerabilities, which they see as partly due to the ubiquity of Java and deserialization vulnerabilities. The data analysis also found Liferay Portal, Ruby on Rails and Red Hat JBoss deserialization vulnerabilities. Magno Logan and Pawan Kinger wrote the report for Trend Micro and said:
"Attackers also try to use vulnerabilities where there is broken authentication to gain unauthorized access to systems. The number of command injection hits also came as a surprise as they are higher than what we would have expected."
The report found that brute-force, directory traversal and request smuggling attacks are the 3 most prevalent non-OWASP security risks.
How to protect Linux servers
The report also reviewed security threats to containers and identified total vulnerabilities for the 15 most popular official Docker images on Docker Hub. This is what the list looks like:
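| Image | Total vulnerabilities |
| --- | --- |
| Python | 482 |
| Node | 470 |
| Wordpress | 402 |
| Golang | 288 |
| Nginx | 118 |
| Postgres | 86 |
| Influxdb | 85 |
| Httpd | 84 |
| Mysql | 76 |
| Debian | 66 |
| Memcached | 65 |
| Redis | 65 |
| Mongo | 47 |
| Centos | 68 |
| Rabbitmq | 30 |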
To protect containers, the report authors recommend asking these questions:
- How secure are the container images?
- Can the container images be trusted?
- Are the container images running with proper privileges?
Companies also should think about code security, the report recommends, and add these code security verifications to the development pipeline:
- Static application security analysis
- Dynamic application security analysis
- Software composition analysis
- Runtime application self-protection
The Trend Micro analysts recommend creating a multilayered security strategy that includes these elements:
- Anti-malware
- Intrusion prevention and detection system
- Execution control
- Configuration assessment
- Vulnerability assessment and patching
- Activity monitoring