Nearly 14 million Linux-based systems are directly exposed to the internet, making them a lucrative target for an array of real-world attacks that could lead to the deployment of malicious web shells, coin miners, ransomware and other Trojans.
That’s according to an in-depth review of the Linux threat landscape released by US-Japanese cybersecurity firm Trend Micro, detailing the top threats and vulnerabilities affecting the operating system in the first half of 2021, based on data gathered from honeypots, sensors and anonymized telemetry.
The company, which detected nearly 15 million malicious events targeting Linux-based cloud environments, found that coin miners and ransomware accounted for 54% of all malware, with web shells accounting for 29%.
Additionally, by dissecting over 50 million events reported by 100,000 unique Linux hosts during the same time period, researchers discovered 15 different security holes known to be actively exploited in the wild or for which a proof of concept (PoC) is available.
- CVE-2017-5638 (CVSS score: 10.0) – Apache Struts 2 Remote Code Execution (RCE) vulnerability
- CVE-2017-9805 (CVSS score: 8.1) – Apache Struts 2 REST plugin XStream RCE vulnerability
- CVE-2018-7600 (CVSS score: 9.8) – Drupal Core RCE vulnerability
- CVE-2020-14750 (CVSS score: 9.8) – Oracle WebLogic Server RCE vulnerability
- CVE-2020-25213 (CVSS score: 10.0) – WordPress File Manager (wp-file-manager) plugin RCE vulnerability
- CVE-2020-17496 (CVSS score: 9.8) – vBulletin ‘subwidgetConfig’ unauthenticated RCE vulnerability
- CVE-2020-11651 (CVSS score: 9.8) – SaltStack Salt authorization weakness vulnerability
- CVE-2017-12611 (CVSS score: 9.8) – Apache Struts OGNL expression RCE vulnerability
- CVE-2017-7657 (CVSS score: 9.8) – Eclipse Jetty integer overflow vulnerability in chunk-length parsing
- CVE-2021-29441 (CVSS score: 9.8) – Alibaba Nacos AuthFilter authentication bypass vulnerability
- CVE-2020-14179 (CVSS score: 5.3) – Atlassian Jira information disclosure vulnerability
- CVE-2013-4547 (CVSS score: 8.0) – Nginx crafted URI string handling access restriction bypass vulnerability
- CVE-2019-0230 (CVSS score: 9.8) – Apache Struts 2 RCE vulnerability
- CVE-2018-11776 (CVSS score: 8.1) – Apache Struts OGNL expression RCE vulnerability
- CVE-2020-7961 (CVSS score: 9.8) – Liferay Portal untrusted deserialization vulnerability
Even more troubling, the 15 most commonly used Docker images on the official Docker Hub repository were found to host hundreds of vulnerabilities spanning python, node, wordpress, golang, nginx, postgres, influxdb, httpd, mysql, debian, memcached, redis, mongo, centos and rabbitmq, highlighting the need to secure containers against a wide range of potential threats at every stage of the development pipeline.
“Users and organizations should always apply security best practices, including the use of the security-by-design approach, the deployment of multi-layered virtual patches or vulnerability protection, the use of the principle of least privilege, and adherence to the shared responsibility model,” the researchers concluded.