Trend Micro's Linux Threat Report identifies the most vulnerable distributions and biggest security headaches

3 years ago 518

Analysts reviewed 13 cardinal information incidents and recovered that end-of-life versions of Linux distributions were astatine the biggest risk.

linux.security.jpg

Linux present has been astir agelong enough that aged versions are causing information problems, according to a caller study from Trend Micro. Security analysts recovered that 44% of information breach detections came from CentOS versions 7.4 to 7.9, followed by CloudLinux Server, which had much than 40% of the detections, and Ubuntu with astir 7%. CentOS 7 was archetypal released successful June 2014 and afloat enactment ended successful August 2019.

Trend Micro detection information from the Linux Threat Report 2021 1H shows the apical 4 Linux distributions wherever the apical menace types were found:

  1. CentOS Linux:                    51%
  2. CloudLinux Server:            31%
  3. Ubuntu Server:                  10%
  4. Red Hat Enterprise Linux:   3%

SEE: The improvement of Linux connected the desktop: Distributions are truthful overmuch amended today (TechRepublic) 

Trend Micro analyzed much than 13 cardinal information events to place the apical 10 malware families and astir communal menace types. The apical 5 menace types affecting Linux servers from Jan. 1 to June 30 were:

  1. Coin Miners:      25%
  2. Web shells:       20%
  3. Ransomware:   12%
  4. Trojans:             10%
  5. Others:               3%

About 40% of the detections came from the U.S., followed by Thailand and Singapore with 19% and 14%.

The information from the study comes from Trend Micro's monitoring information from its information products and from honeypots, sensors, anonymized telemetry and different backend services. Trend Micro sees this information arsenic an illustration of the real-world prevalence of malware and vulnerability exploitation successful ample and tiny companies crossed aggregate industries. 

Most communal OWASP and non-OWASP attacks

The study looked astatine web-based attacks that acceptable successful the Open Web Application Security Project apical 10 database arsenic good arsenic communal attacks that are not connected the list. The astir communal OWASP attacks are:

  1. SQL injection:                27%
  2. Command injection:      23%
  3. XSS                                22% 
  4. Insecure deserialization: 18%
  5. XML outer entity:        6%
  6. Broken authentication:    4%

The information showed that injection flaws and cross-scripting attacks are arsenic precocious arsenic ever. The study authors besides noted the precocious fig of insecure deserialization vulnerabilities, which they spot arsenic partially owed to the ubiquity of Java and deserialization vulnerabilities. The information investigation besides recovered Liferay Portal, Ruby connected Rails and Red Hat JBoss deserialization vulnerabilities. Magno Logan and Pawan Kinger wrote the study for Trend Micro and said:

"Attackers besides effort to usage vulnerabilities wherever determination is breached authentication to summation unauthorized entree to systems. The fig of bid injection hits besides came arsenic a astonishment arsenic they are higher than what we would person expected."

The study recovered that brute-force, directory traversal and petition smuggling attacks are the 3 astir prevalent non-OWASP information risks.

SEE: Rocky Linux merchandise campaigner is present disposable and is precisely what CentOS admins are looking for (TechRepublic) 

How to support Linux servers

The study besides reviewed information threats to containers and identified full vulnerabilities for the 15 astir fashionable authoritative Docker images connected Docker Hub. This is what the database looks like:

Image                           Total vulnerabilities

Python                           482
Node                              470
Wordpress                     402
Golang                           288
Nginx                             118
Postgres                          86
Influxdb                           85
Httpd                               84
Mysql                              76
Debian                           66
Memchached                 65
Redis                             65
Mongo                          47
Centos                         68
Rabbitmq                    30

To support containers, the study authors urge asking these questions:

  • How unafraid are the instrumentality images?
  • Can the instrumentality images beryllium trusted?
  • Are the instrumentality images moving with due privileges?

Companies besides should deliberation astir codification security, the study recommends, and adhd these codification information verifications to the improvement pipeline:

  • Static exertion information analysis
  • Dynamic exertion information analysis
  • Software creation analysis
  • Runtime exertion self-protection

The Trend Micro analysts urge creating a multilayered information strategy that includes these elements:

  • Anti-malware
  • Intrusion prevention and detection system
  • Execution control
  • Configuration assessment
  • Vulnerability appraisal and patching
  • Activity monitoring 

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also spot

Read Entire Article