Linux in the Cloud Being Targeted by Ransomware
VMware has made a report available that not only indicates a dramatic rise in Linux host images being targeted in the cloud but that 89%of cryptojacking attacks use XMRig-related libraries and more than 50% of Cobalt Strike (a commercial adversary simulation software) users may be cybercriminals (or are using Cobalt Strike with malicious intent).
In this report, Giovanni Vigna, senior director of threat intelligence at VMware, said, “Cybercriminals are dramatically expanding their scope and adding malware that targets Linux-based operating systems to their attack toolkit in order to maximize their impact with as little effort as possible.” Vigna added, "Rather than infecting an endpoint and then navigating to a higher value target, cybercriminals have discovered that compromising a single server can deliver the massive payoff and access they’re looking for."
Because Linux deployments have skyrocketed (between containers and virtual machines), these types of attacks are only going to increase exponentially. The report also points out that with the continued rise of cloud dependency, these breaches within organizations can have devastating results. This is especially so since (according to the report) these attacks are often "combined with data exfiltration, implementing a double-extortion scheme that improves the odds of success."
Make sure to download and read the full report, titled "Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments" from VMware.