
Linux Malware Sees 35% Growth During 2021 (bleepingcomputer.com) 71

The number of malware infections targeting Linux devices rose by 35% in 2021, most commonly to recruit IoT devices for DDoS (distributed denial of service) attacks. BleepingComputer reports: A Crowdstrike report looking into the attack data from 2021 summarizes the following:

- In 2021, there was a 35% rise in malware targeting Linux systems compared to 2020.
- XorDDoS, Mirai, and Mozi were the most prevalent families, accounting for 22% of all Linux-targeting malware attacks observed in 2021.
- Mozi, in particular, had explosive growth in its activity, with ten times more samples circulating in the wild the year that passed compared to the previous one.
- XorDDoS also had a notable year-over-year increase of 123%.
[...]
The Crowdstrike findings aren't surprising as they confirm an ongoing trend that emerged in previous years. For example, an Intezer report analyzing 2020 stats found that Linux malware families increased by 40% in 2020 compared to the previous year. In the first six months of 2020, a steep rise of 500% in Golang malware was recorded, showing that malware authors were looking for ways to make their code run on multiple platforms. This programming, and by extension, targeting trend, has already been confirmed in early 2022 cases and is likely to continue unabated.

  • I thought (Score:2, Interesting)

    by kenh ( 9056 )

    I thought the superior design, publicly available source code, and superior system administrators made Linux-derived OSes the most secure software in the world, impervious to the malicious hacks and attacks that plague inferior closed-source OSes like Windows and Mac OS...

    Perhaps the rise in malware attacks is merely a function of the reality that Linux is heading towards a market-share large enough to attract the attention of hackers and malware authors?

    • by YetAnotherDrew ( 664604 ) on Monday January 17, 2022 @09:42PM (#62182781)
      Many eyes make bugs shallow enough to exploit them.
      • Bugs? In Linux?

        Blasphemer!

        LOL

    • You thought? (Score:5, Informative)

      by mmell ( 832646 ) on Monday January 17, 2022 @09:56PM (#62182821)
      I'm not convinced you really thought. I think your knee jerked in response to a physical stimulus. I think you heard stuff going by and you thought you heard something that supports what you've learned to parrot-talk on demand to seem intelligent.

      I've been doing UNIX/POSIX OS engineering for a while now. Always told people that the only absolutely secure system is a powered-down system - and even then, don't get too confident about security. Cut yer whining about how someone promised you a perfect system, 'cuz all the real pros have been telling everyone that'll listen there ain't no such thing.

      Thanks for playing. Tell him what he's won, Johnny!

      • Re: You thought? (Score:4, Interesting)

        by kenh ( 9056 ) on Monday January 17, 2022 @10:04PM (#62182839) Homepage Journal

        Woosh!

        > Perhaps the rise in malware attacks is merely a function of the reality that Linux is heading towards a market-share large enough to attract the attention of hackers and malware authors?

        Many Linux advocates attributed their chosen OS's lack of malware to the factors I mentioned, ignoring the reality that the market share of Linux desktops (apart from professionally admin'd servers) was so low that even with source code the effort was too great to justify the effort.

        That the malware mainly appears on IoT devices speaks to the need for sufficient numbers to attract malware authors and a large number of identically-configured IoT devices.

        • Re: (Score:3, Interesting)

          by test321 ( 8891681 )

          It looks like you are trying to be sarcastic, offend or get some revenge on linux users, but I fear you will be disappointed. *nix users have agreed for very long that security comes from several factors, such as a limited market share (for the desktop), fragmentation, and the generally more literate users, apart from design factors.

          And Linux being very popular outside the desktop market, or even being the dominant OS in several markets, is not new, although the market penetration increased both in consumer

      • by mmell ( 832646 ) on Monday January 17, 2022 @10:11PM (#62182873)
        And I just caught your UID. With due respect, I see you're not just some random script-kiddie type.

        So I know you already get all this. C'mon, it's even called a patchy web server (which is the first thing most people think of when they think of Linux, yes/no?).

        • Re: (Score:2, Flamebait)

          by drinkypoo ( 153816 )

          UID means dick. kenh is a well-known troll.

          • by jmccue ( 834797 )

            I do not know about kenh being a troll, but have no reason to dispute your statement.

            But I fully agree with you the UID has no meaning. To me, all the ID numbering scheme does is to allow people to say mine is bigger than yours. Most of the time it is all in good fun, but I think it may discourage new people from signing up due to the UID thing.

            Now if people read the article, it focuses on IOT, which everyone here knows (or should know) is a security nightmare. No to little mention of servers or even desk

            • > [...] IOT, which everyone here knows (or should know) is a security nightmare.

              "The 's' up here in 'IoT' stands for 'Security', we all know that" -- Michael Caisse, "Small Inspiration"

              https://youtu.be/nrtav9_SKwg?t... [youtu.be]

            • > To me, all the ID numbering scheme does is to allow people to say mine is bigger than yours.

              In fact the fight is to say mine is smaller than yours... and we wonder why the site is, albeit not gender-uniform, male-dominated :D

      • Please engage sarcasm detector. Thanks for playing, though.

    • Maybe, but since a lot of it is IoT it could be said to be a consequence of its no-cost nature. Free, gets distributed a lot wider, and if it comes with a guilt-free license so much the better.

    • Re:I thought (Score:4, Informative)

      by phantomfive ( 622387 ) on Monday January 17, 2022 @11:22PM (#62183023) Journal

      Mirai was designed to attack Linux devices that still have the default password and are on the open internet.

      • A service built to run on Linux designed to have a default password. Or even better a service with no password designed to load ANOTHER service with a default password, or even the reverse. And please don't stare at my UID it makes me uncomfortable...

    • Re:I thought (Score:5, Insightful)

      by Bert64 ( 520050 ) <bert AT slashdot DOT firenzee DOT com> on Monday January 17, 2022 @11:30PM (#62183039) Homepage

      Linux has long had a significant marketshare in embedded devices and servers, it's only in user-facing general purpose desktops where the linux marketshare is small.

      In the embedded space linux primarily does not compete against windows, it competes against vxworks and various other embedded systems.

      Most of the malware for linux is aimed at servers and embedded devices, and always has been. There is not much malware aimed at desktop linux users.

      Being open source, anyone is free to create an embedded device using linux, and lots of shady manufacturers do. When these embedded devices become compromised the vast majority are not due to vulnerabilities in linux itself - but are due to poor configuration (eg default passwords), or vulnerabilities in the (often closed source) code the device vendor has placed on top of the linux kernel.

      In a similar vein, microsoft is not blamed when windows systems are exploited due to poor configuration or bugs in third party code.

      • by _merlin ( 160982 )

        > In a similar vein, microsoft is not blamed when windows systems are exploited due to poor configuration or bugs in third party code.

        Maybe not by people who think objectively, but plenty of /. comments blame Microsoft for absolutely everything that happens on Windows computers.

      • by dargaud ( 518470 )
        So, just to be clear, if you are a desktop Linux user who takes reasonable precautions (good passwords, firewalls, not running scripts found on random websites, etc...), there's nothing to worry about ? No big 0-day vulnerabilities, or arbitrary code executions while on the web...?
        • > So, just to be clear, if you are a desktop Linux user who takes reasonable precautions (good passwords, firewalls, not running scripts found on random websites, etc...), there's nothing to worry about ? No big 0-day vulnerabilities, or arbitrary code executions while on the web...?

          I thought that's what Java was for...embedded Java.. It's MY UID.

        • by Bert64 ( 520050 )

          Not "nothing", but significantly less threats yes.
          Most of the attacks against linux systems target listening network services present on servers and embedded devices - a linux desktop by default does not have any such services.

          Most attacks against client software (browsers etc) or phishing target windows, while a vulnerability in firefox or webkit would theoretically be cross platform most of the exploits being actively used don't target desktop linux, and while they may target android most android exploits

      • So, even when the definition of "embedded device" changes the attack objective stays the same?

      • by mjwx ( 966435 )

        > Linux has long had a significant marketshare in embedded devices and servers, it's only in user-facing general purpose desktops where the linux marketshare is small.

        > In the embedded space linux primarily does not compete against windows, it competes against vxworks and various other embedded systems.

        > Most of the malware for linux is aimed at servers and embedded devices, and always has been. There is not much malware aimed at desktop linux users.

        > Being open source, anyone is free to create an embedded device using linux, and lots of shady manufacturers do. When these embedded devices become compromised the vast majority are not due to vulnerabilities in linux itself - but are due to poor configuration (eg default passwords), or vulnerabilities in the (often closed source) code the device vendor has placed on top of the linux kernel.

        > In a similar vein, microsoft is not blamed when windows systems are exploited due to poor configuration or bugs in third party code.

        Beyond this, how much of it is Linux and how much of it are the applications that run on Linux? I would think a large amount of that "35%" growth would be the Log4j vulnerability alone, which affects Apache and any platform it runs on including Windows and ESXi.

      • > There is not much malware aimed at desktop linux users.

        Of course. You don't want a virus to spread to one user and then instantly suffer from complete herd immunity.

    • I thought the superior design, well funded and professionally maintained proprietary code was the reason governments and businesses around the world paid for Windows, and that when malicious hacks and attacks would occur the institutions could turn to the vendor for accountability.

      But no, it is always some foreign government's fault, or the users for opening an email.

      So if the rise of market share makes everything equal, why waste so much tax payer money if not to fund bullshit jobs?
    • Linux has selinux [nsa.gov] and apparmor [apparmor.net] -- all open source and well-maintained. Just requires due attention to security.
    • IoT devices that are never updated are going to be vulnerable.

      • IoT devices are unlikely to run extra services that might be vulnerable, but they're likely to have dodgy, poorly written or secured services that are vulnerable as their primary function. And you're correct that they won't be kept updated

    • We know about these vulnerabilities. With closed source software how many vulnerabilities are there being exploited that we have no idea exist? Especially when you consider nation states and law enforcement who don't just give up vulnerabilities when they find them...
    • Most malware does not exploit bugs in the operating system to perform privilege escalation. Most malware relies on tricking the user into running it, at which point of course no operating system design can stop it. If the o.s. could stop malware that for instance deleted every file one has access to delete, then how would one create a program that deletes files?

      Apart from that, “operating system” is a very vague term and for malware this doesn't matter. Consider for instance a web browser that c

    • OS doesn't matter when IoT devices are designed by monkeys that do not care about security: they hardcode ready to guess passwords, use insecure protocols, ancient unpatched software...

    • > I thought the superior design, publicly available source code, and superior system administrators made Linux-derived OSes the most secure software in the world, impervious to the malicious hacks and attacks that plague inferior closed-source OSes like Windows and Mac OS...

      > Perhaps the rise in malware attacks is merely a function of the reality that Linux is heading towards a market-share large enough to attract the attention of hackers and malware authors?

      The biggest culprit is C. Any operating system where a major part is written in C (or even C++) is bound to have serious security holes. Anyone following the lists of vulnerabilities will notice this.

      Do not misunderstand me, I am not saying that an OS written in a more secure language would be without security holes. We saw recently a serious problem with log4j which is not written in C. All I am saying is that in addition to those security holes you have in any language, with C you have additionally the

      • I have to ask for a reference to a securer OS not written in C. I'll further confine answers to not running C and on a desktop.

        • > I have to ask for a reference to a securer OS not written in C. I'll further confine answers to not running C and on a desktop.

          You seem to miss the point in my post. My point is that we should have begun with this decades ago and now as we have taken baby steps we are still decades away from having it.

          • The only problem i see with security? Now not debugging (other's) C code, well yes debugging other people's large progressive C project can be a pain. But I am convinced that C->C++->C#, etc is logically able to eliminate ANY problem people have with C, other than reading their code =) Now this is logically speaking mind you. I don't speak for other's sense creative subjectivity and their choice(s) of language(s). But failing to use C progressively thus more completely thus with more security, cannot

    • If you install a video game on your Linux box, by default it has full access to your filesystem, home folder, and can access any web address it wants -- just like on any other OS. You have to go out of your way to secure your own machine, and only if you know what you're doing. Is there a one-click setting in any typical Linux desktop environment that lets you sandbox a program or shut off Internet access? Sure, you CAN do it, but it's not easy. Even most hardcore nerds don't bother to do that stuff on

    • A 35% increase means about 20 people were actually affected, right?

    • It's important to know that Crowdstrike is an anti-malware vendor that is big with the corporate types and all of those vendors make a regular practice of disseminating FUD via whitepapers and reports that get into the hands of SecOps admins who are long practiced in just buying whatever the latest kool-aid is.

      And it may even be true strictly speaking in that we had 17 Linux malwares before and now there are 23 so that is a 35% increase but ignores the fact that platforms like Windows have IDK, many many tho

    • > made Linux-derived OSes the most secure software in the world

      Nah, Linux only has to be more secure than Windows. It's not hard when you copy the process architecture and permission model of Unix.

      > Perhaps the rise in

      There is this property of math where if you have a very small number and you add a relatively large number to it, the rate of increase skyrockets. When compared to starting with a massive number and adding just about anything to it.

      > Linux is heading towards a market-share

      I've been waiting 20 years to finally announce it's going to be the year of the Linux Desktop. But seriously, this is not going to happen. Desktop

  • at this rate (Score:4, Informative)

    by awwshit ( 6214476 ) on Monday January 17, 2022 @09:54PM (#62182817)

    The year of the Linux Desktop will be the same year that Linux looks and feels a lot like Windows.

  • Finally! (Score:5, Funny)

    by aardvarkjoe ( 156801 ) on Monday January 17, 2022 @10:03PM (#62182833)

    It's taken a long time, but it's finally the Year of Linux Malware on the Desktop.

  • Linux is the Kernel, not the full OS that goes into an IoT device. When are these people going to learn? When they install these devices with a hard coded back door into them, what would you expect to happen?
  • Comment removed based on user account deletion
    • The year of Linux on the laptop is here. The year of Linux + BSD as the most popular OS is here.

      The only place where Linux is not popular at all is on the Desktop, for some reason.

  • by Required Snark ( 1702878 ) on Monday January 17, 2022 @11:30PM (#62183037)
    They are keeping the interwebs safe!!!
  • by couchslug ( 175151 ) on Tuesday January 18, 2022 @12:51AM (#62183179)

    Not content with SEO, the headline Optimizes Ignorance Engagement. The percentage increase being the headline leverages the inability of most humans to consider what that information really means.

    It evades (as does the entire OP!) comparison with other OS in order to direct Slashdotters to the parent link.

  • I thought Linux was impervious to malware???
  • 1 out of a million, increasing to 3 out of 10 million means a 33% increase in viruses!
    • by Tablizer ( 95088 )

      Oops, somebody beat me to this meme. Delete delete delete!

      When is the year of Slashdot correction feature?

  • if the problem is with IoT devices they can crack em all for all I care. If you're dumb enough to use these devices without securing them, your problem boyo. Don't blame the linux kernel for crappy implementations in low cost gadgets. That's misleading and totally out of context. The article btw is as much garbage as trump spews out in a year. bye.

  • Meanwhile, zero announcements have been made for desktop operating systems that support capability based security.

  • Maybe 2021 was the Year of the Linux Desktop? :(
  • by Kelxin ( 3417093 ) on Tuesday January 18, 2022 @12:57PM (#62184551)
    An increase from 10 to 13 is a 30% increase. Compared to the windows ecosystem, Linux viruses are still a drop in the bucket. Hell, in college I even made a windows joke virus in Microsoft vb script in word.
