Because Linux-based systems are directly accessible from the internet, attackers can readily target them to install web shells and other malicious software such as ransomware and Trojan horses. Trend Micro presented a detailed review of the Linux threat landscape in the first half of the year, including the difficulties and vulnerabilities that afflicted the OS. The review drew on honeypots, sensors, and anonymous telemetry data.
The company detected around 15 million malware incidents targeting Linux-based cloud infrastructures. Coin miners and ransomware make up 54 percent of all malware, while web shells account for 29 percent.
After analyzing more than 50 million events from 100,000 unique Linux hosts, the researchers also identified 15 separate vulnerabilities that have been exploited in the wild:
- CVE-2017-5638 (CVSS score: 10.0) – Apache Struts 2 remote code execution (RCE) vulnerability
- CVE-2017-9805 (CVSS score: 8.1) – Apache Struts 2 REST plugin XStream RCE vulnerability
- CVE-2018-7600 (CVSS score: 9.8) – Drupal Core RCE vulnerability
- CVE-2020-14750 (CVSS score: 9.8) – Oracle WebLogic Server RCE vulnerability
- CVE-2020-25213 (CVSS score: 10.0) – WordPress File Manager (wp-file-manager) plugin RCE vulnerability
- CVE-2020-17496 (CVSS score: 9.8) – vBulletin ‘subwidgetConfig’ unauthenticated RCE vulnerability
- CVE-2020-11651 (CVSS score: 9.8) – SaltStack Salt authorization weakness vulnerability
- CVE-2017-12611 (CVSS score: 9.8) – Apache Struts OGNL expression RCE vulnerability
- CVE-2017-7657 (CVSS score: 9.8) – Eclipse Jetty chunk length parsing integer overflow vulnerability
- CVE-2021-29441 (CVSS score: 9.8) – Alibaba Nacos AuthFilter authentication bypass vulnerability
- CVE-2020-14179 (CVSS score: 5.3) – Atlassian Jira information disclosure vulnerability
- CVE-2013-4547 (CVSS score: 8.0) – Nginx crafted URI string handling access restriction bypass vulnerability
- CVE-2019-0230 (CVSS score: 9.8) – Apache Struts 2 RCE vulnerability
- CVE-2018-11776 (CVSS score: 8.1) – Apache Struts OGNL expression RCE vulnerability
- CVE-2020-7961 (CVSS score: 9.8) – Liferay Portal untrusted deserialization vulnerability
Moreover, the official Docker Hub repository contains 15 commonly used Docker images that have been found to contain vulnerabilities in python, node, WordPress, golang, Nginx, influxdb, httpd, MySQL, and Debian as well as in Memcached, Redis, mongo, centos, and rabbitmq. Containers must be protected and secured during the development process.
The researchers concluded that consumers and businesses should always follow the best security practices when using this operating system. These should include applying a security-by-design approach, deploying virtual patching or vulnerability shielding, enforcing the principle of least privilege, and adhering to the shared responsibility model, among other things.