Analysts reviewed 13 million security incidents and found that end-of-life versions of Linux distributions were the biggest threat.
Linux has now been around long enough that old versions are causing security problems, according to a new report from Trend Micro. Security analysts found that 44% of security breach detections came from CentOS versions 7.4 to 7.9, followed by CloudLinux Server with more than 40% of detections and Ubuntu with almost 7%. CentOS 7 was first released in June 2014 and full support ended in August 2019.
Trend Micro detection data from the Linux Threat Report 2021 1H shows the top four Linux distributions where the top threat types were found:
- CentOS Linux: 51%
- CloudLinux Server: 31%
- Ubuntu Server: 10%
- Red Hat Enterprise Linux: 3%
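A practitioner reading these numbers will want to know which of their own hosts are still on a release that no longer receives full updates. The Python script below is an added example, not code from the Trend Micro report or from TechRepublic: it parses an /etc/os-release body and compares the ID and VERSION_ID against a small lifecycle table. The table is constructed for this illustration from the vendors' published lifecycle pages (CentOS 7 full updates ended in August 2019, the date the article cites, and maintenance updates ended in June 2024) and should be verified and extended before being relied on. Both sample os-release bodies are constructed.

```python
"""Flag hosts running end-of-life Linux releases from /etc/os-release.

Added example, not from the Trend Micro report. The lifecycle table is an
assumption for the illustration; extend it from your vendors' lifecycle pages.
"""
from datetime import date

# Assumed lifecycle dates (constructed for this example; verify before use):
#   (ID, VERSION_ID) -> (end of full updates, end of all updates)
LIFECYCLE = {
    ("centos", "7"): (date(2019, 8, 6), date(2024, 6, 30)),
    ("centos", "8"): (date(2021, 12, 31), date(2021, 12, 31)),
    ("ubuntu", "16.04"): (date(2021, 4, 30), date(2021, 4, 30)),
    ("ubuntu", "18.04"): (date(2023, 5, 31), date(2023, 5, 31)),
}

# Constructed /etc/os-release bodies in the format the real files use.
SAMPLE_CENTOS7 = """\
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
"""

SAMPLE_UBUNTU1804 = """\
NAME="Ubuntu"
VERSION="18.04.5 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.5 LTS"
VERSION_ID="18.04"
"""


def parse_os_release(text):
    """Parse KEY=VALUE lines into a dict, stripping quotes and comments."""
    info = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        info[key.strip()] = value.strip().strip('"').strip("'")
    return info


def lifecycle_status(os_release_text, today):
    """Classify the release relative to `today` (a date or 'YYYY-MM-DD').

    Returns (status, detail) with status one of 'eol', 'maintenance-only',
    'supported' or 'unknown' (no lifecycle data for this ID/VERSION_ID)."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    info = parse_os_release(os_release_text)
    distro = info.get("ID", "").strip().lower()
    version = info.get("VERSION_ID", "").strip()
    label = info.get("PRETTY_NAME") or f"{distro} {version}"
    # Try the exact VERSION_ID first, then the major version (CentOS uses "7").
    for key in ((distro, version), (distro, version.split(".")[0])):
        if key in LIFECYCLE:
            full_end, final_end = LIFECYCLE[key]
            break
    else:
        return "unknown", f"{label}: no lifecycle data for ID={distro!r} VERSION_ID={version!r}"
    if today > final_end:
        return "eol", f"{label}: all updates ended {final_end}"
    if today > full_end:
        return "maintenance-only", f"{label}: full updates ended {full_end}; maintenance updates end {final_end}"
    return "supported", f"{label}: full updates until {full_end}"


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/os-release"
    try:
        with open(path) as fh:
            body = fh.read()
    except OSError:
        body = SAMPLE_CENTOS7  # fall back to the constructed sample
    status, detail = lifecycle_status(body, date.today())
    print(status, "-", detail)
```

Run it with no argument on a host to check that host, or pass the path of a collected os-release file. VERSION_ID on CentOS 7 is just "7", so the point release (7.4 versus 7.9) has to be read from /etc/centos-release separately; the lookup falls back to the major version for that reason.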
SEE: The evolution of Linux on the desktop: Distributions are so much better today (TechRepublic)
Trend Micro analyzed more than 13 million security events to identify the top 10 malware families and most common threat types. The top five threat types affecting Linux servers from Jan. 1 to June 30 were:
- Coin miners: 25%
- Web shells: 20%
- Ransomware: 12%
- Trojans: 10%
- Others: 3%
About 40% of the detections came from the U.S., followed by Thailand at 19% and Singapore at 14%.
The data in the report comes from Trend Micro's monitoring data from its security products and from honeypots, sensors, anonymized telemetry and other backend services. Trend Micro presents this data as an illustration of the real-world prevalence of malware and vulnerability exploitation in large and small companies across multiple industries.
Most common OWASP and non-OWASP attacks
The report looked at web-based attacks that fall within the Open Web Application Security Project (OWASP) Top 10 list as well as common attacks that aren't on the list. The most common OWASP attacks are:
- SQL injection: 27%
- Command injection: 23%
- XSS: 22%
- Insecure deserialization: 18%
- XML external entity: 6%
- Broken authentication: 4%
The data showed that injection flaws and cross-site scripting attacks are as prevalent as ever. The report authors also noted the high number of insecure deserialization vulnerabilities, which they attribute partly to the ubiquity of Java and its deserialization vulnerabilities. The analysis also found Liferay Portal, Ruby on Rails and Red Hat JBoss deserialization vulnerabilities. Magno Logan and Pawan Kinger, who wrote the report for Trend Micro, said:
“Attackers also try to use vulnerabilities where there's broken authentication to gain unauthorized access to systems. The number of command injection hits also came as a surprise as they're higher than what we'd have expected.”
The report found that brute-force, directory traversal and request smuggling attacks are the three most prevalent non-OWASP security risks.
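The OWASP categories above (SQL injection, command injection, XSS) and two of the non-OWASP risks (directory traversal and brute force) all leave recognisable traces in a web server's access log. The Python script below is an added example, not code from the Trend Micro report or from TechRepublic: it parses combined-format access-log lines, URL-decodes each request target, classifies it against one signature per category and flags source addresses with repeated failed logins. The log lines are constructed for the demonstration, and the signatures and the brute-force threshold are illustrative heuristics that a real deployment would tune and extend.

```python
"""Classify web requests in an access log into the attack categories the
report counts: OWASP injection/XSS patterns, directory traversal and
brute-force logins.

Added example, not from the Trend Micro report. Signatures and thresholds are
illustrative heuristics tuned for the constructed sample below.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample in combined log format; none of this is real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2021:10:01:02 +0000] "GET /products?id=1%27%20OR%201%3D1-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [12/May/2021:10:01:05 +0000] "GET /ping?host=127.0.0.1%3Bcat%20/etc/passwd HTTP/1.1" 500 0 "-" "curl/7.68.0"
10.0.0.9 - - [12/May/2021:10:01:09 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 120 "-" "Mozilla/5.0"
10.0.0.11 - - [12/May/2021:10:01:12 +0000] "GET /static/../../../../etc/passwd HTTP/1.1" 403 0 "-" "python-requests/2.25"
10.0.0.13 - - [12/May/2021:10:01:15 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.21 - - [12/May/2021:10:02:01 +0000] "POST /login HTTP/1.1" 401 0 "-" "python-requests/2.25"
10.0.0.21 - - [12/May/2021:10:02:02 +0000] "POST /login HTTP/1.1" 401 0 "-" "python-requests/2.25"
10.0.0.21 - - [12/May/2021:10:02:03 +0000] "POST /login HTTP/1.1" 401 0 "-" "python-requests/2.25"
10.0.0.21 - - [12/May/2021:10:02:04 +0000] "POST /login HTTP/1.1" 401 0 "-" "python-requests/2.25"
10.0.0.22 - - [12/May/2021:10:02:05 +0000] "POST /login HTTP/1.1" 401 0 "-" "Mozilla/5.0"
"""

# ip, two unused fields, [timestamp], "METHOD target protocol", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# One signature per category, applied to the URL-decoded request target.
SIGNATURES = {
    "SQL injection": re.compile(r"""['"]\s*(?:or|and)\s+\S+\s*=|union\s+select|--\s*$""", re.I),
    "Command injection": re.compile(r"[;&|`]\s*(?:cat|sh|bash|wget|curl|id|whoami|nc|ls)\b", re.I),
    "XSS": re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I),
    "Directory traversal": re.compile(r"(?:\.\./|\.\.\\){2,}"),
}


def parse_line(line):
    """Parse one combined-format line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "method": m["method"],
            "target": unquote_plus(m["target"]), "status": int(m["status"])}


def classify(target):
    """Return every category whose signature matches the decoded target."""
    return [name for name, rx in SIGNATURES.items() if rx.search(target)]


def analyze(log_text, login_path="/login", brute_force_threshold=3):
    """Tally attack categories and flag brute-force sources.

    Returns (Counter of category -> hits, {ip: failed logins} for sources at
    or above the threshold)."""
    hits, failed_logins = Counter(), Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        hits.update(classify(rec["target"]))
        if rec["target"].startswith(login_path) and rec["status"] in (401, 403):
            failed_logins[rec["ip"]] += 1
    brute = {ip: n for ip, n in failed_logins.items() if n >= brute_force_threshold}
    return hits, brute


if __name__ == "__main__":
    hits, brute = analyze(SAMPLE_LOG)
    for category, count in hits.most_common():
        print(f"{category}: {count}")
    for ip, count in brute.items():
        print(f"brute force suspected from {ip}: {count} failed logins")
```

Decoding before matching matters: the injection payloads in the sample arrive percent-encoded, exactly as a browser or tool would send them, and a signature run over the raw line would miss them. Classification is multi-label on purpose, so a request that carries both a traversal sequence and a shell command counts under both categories.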
SEE: Rocky Linux release candidate is now available and is exactly what CentOS admins are looking for (TechRepublic)
How to protect Linux servers
The report also reviewed security threats to containers and counted the total vulnerabilities in the 15 most popular official Docker images on Docker Hub. This is what the list looks like:
[Table: Image, Total vulnerabilities; rows not included on this page]
To protect containers, the report authors recommend asking these questions:
- How secure are the container images?
- Can the container images be trusted?
- Are the container images running with proper privileges?
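The second and third questions can be partly answered before an image is ever built, from the Dockerfile alone. The Python script below is an added example, not code from the Trend Micro report or from TechRepublic: it parses a Dockerfile (joining backslash continuations and handling multi-stage builds), flags base images that are not pinned to a digest, ADD instructions that pull remote content at build time, RUN lines that pipe a download into a shell, and a final stage that never drops to a non-root USER. The weak and hardened Dockerfiles are constructed for the demonstration, and the sha256 digest in the hardened one is a placeholder, not a real image digest. The checks are heuristics chosen for this illustration; they complement, rather than replace, a vulnerability scan of the built image.

```python
"""Check a Dockerfile against two of the report's questions: can the image be
trusted (pinned, no build-time downloads) and does it run with proper
privileges (non-root USER in the final stage)?

Added example, not from the Trend Micro report. The checks are heuristics
chosen for this illustration.
"""
import re

# Constructed Dockerfiles for the demonstration (not from any real project).
WEAK_DOCKERFILE = """\
FROM python:latest
ADD https://example.invalid/setup.sh /tmp/setup.sh
RUN sh /tmp/setup.sh && \\
    rm /tmp/setup.sh
COPY app /app
CMD ["python", "/app/main.py"]
"""

# The digest below is a placeholder, not a real image digest.
HARDENED_DOCKERFILE = """\
FROM python:3.9-slim@sha256:0000000000000000000000000000000000000000000000000000000000000000
RUN useradd --create-home --uid 10001 app
COPY --chown=app:app app /app
USER app
CMD ["python", "/app/main.py"]
"""


def parse_dockerfile(text):
    """Return [(INSTRUCTION, argument), ...], joining backslash continuations
    and skipping blank lines and comments."""
    instructions, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        buf = f"{buf} {line}" if buf else line
        if buf.endswith("\\"):
            buf = buf[:-1].rstrip()
            continue
        inst, _, arg = buf.partition(" ")
        instructions.append((inst.upper(), arg.strip()))
        buf = ""
    return instructions


def split_image_ref(ref):
    """Split 'name[:tag][@digest]' into (name, tag, digest); a registry port
    such as localhost:5000/app is not mistaken for a tag."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    name, tag = ref, None
    colon = ref.rfind(":")
    if colon > ref.rfind("/"):
        name, tag = ref[:colon], ref[colon + 1:]
    return name, tag, digest


def audit_dockerfile(text):
    """Return a list of findings (empty when none of the checks fire)."""
    findings = []
    final_user = None
    for inst, arg in parse_dockerfile(text):
        if inst == "FROM":
            # Drop build flags such as --platform and the 'AS stage' suffix.
            ref = [p for p in arg.split() if not p.startswith("--")][0]
            name, tag, digest = split_image_ref(ref)
            final_user = None  # every stage starts as root again
            if name.lower() == "scratch" or digest:
                continue
            if tag in (None, "latest"):
                findings.append(f"FROM {ref}: floating tag, contents can change between builds")
            else:
                findings.append(f"FROM {ref}: tag not pinned to a digest")
        elif inst == "USER":
            final_user = arg.split(":")[0]
        elif inst == "ADD" and re.search(r"\bhttps?://", arg):
            findings.append("ADD pulls remote content at build time; COPY a vetted artifact instead")
        elif inst == "RUN" and re.search(r"\b(?:curl|wget)\b.*\|\s*(?:sh|bash)\b", arg):
            findings.append("RUN pipes a downloaded script straight into a shell")
    if final_user in (None, "root", "0"):
        findings.append("no non-root USER in the final stage; processes run as root")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        print(label, audit_dockerfile(text) or ["no findings"])
```

A digest pin is what makes a base image reproducible: a tag such as 3.9-slim still moves when the publisher rebuilds it, which is why a tagged-but-undigested FROM is reported as a weaker finding rather than passed silently.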
Companies should also think about code security, the report recommends, and add these code security verifications to the development pipeline:
- Static application security analysis
- Dynamic application security analysis
- Software composition analysis
- Runtime application self-protection
The Trend Micro analysts recommend building a multilayered security strategy that includes these elements:
- Intrusion prevention and detection system
- Execution control
- Configuration analysis
- Vulnerability analysis and patching
- Activity monitoring