We dubbed 2019 the year of Linux threats, evidenced by over 20 of our researchers’ publications related to attacks on this operating system. Those threats included large-scale crypto-mining campaigns, botnets, ransomware, and nation-state-sponsored attacks, the majority of which were previously undetected.
Linux already powers 90 percent of the public cloud workload. The booming cloud adoption in recent years is expected to accelerate even further due to the effects of COVID-19. It’s safe to say that Linux threats aren’t going away any time soon.
When approached by IBM X-Force to contribute to their Cloud Threat Landscape Report, we thought it was a good opportunity to share our insights on some of the latest Linux malware targeting cloud environments.
Linux Malware Adapting to Cloud Environments
Many cloud-based systems run the same operating systems and applications as their on-premises counterparts, and as a result, much of the malware found operating in cloud environments is the same as that found outside of the cloud. However, there are instances of malware that are specifically designed to either target or make use of cloud systems.
One example of a threat actor that uses malware to target clouds is the Chinese-affiliated Pacha Group. This group has been targeting cloud-based infrastructures with new, previously undetected malware variants of Linux.GreedyAntd, which share significant amounts of code with previous versions.
Another piece of malware targeting Linux-based file storage systems (NAS servers) in cloud environments is the QNAPCrypt ransomware. NAS servers typically store large amounts of important data and files, which makes them a valuable target for attackers and especially a viable target for ransomware campaigns. This sort of threat can affect a very large user base and inflict damage on troves of data hosted in the cloud. As cloud environments continue to increase in popularity, Linux-focused malware is likely to continue to grow.
To learn more about the different malware targeting cloud-based systems, download the IBM X-Force Cloud Threat Landscape Report and read about our latest Linux malware discovery targeting servers via SSH brute-force attacks.