Cyber Security - Hacking - Pentest - Hacking News - Hacking Operating Systems - Vulnerability test - 30 August 2021

13 Million Security Incidents Were Attempted to Hack Linux Systems in 2021

13 Million Security Incidents Were Attempted to Hack Linux Systems in 2021

Linux power systems are used in almost every platform including Super computers, high-speed trains even in space programs, and it dominates the cloud in which 96.3% of the top 1 million web servers are globally powered by Linux systems due to the stability, flexibility, and open-source.

Parallelly, cyber attack towards Linux powered systems are dramatically increased due to its contribution in every part of the technology and enterprise networks, where various flavors or distributions of Linux and Unix systems playing major roles.

Since Linux has a larger footprint, unknowingly systems administrators exposed their Linux systems, including the critical data open to the internet.

Researchers from Trend Micro analyzed with the help of, a search engine, through which they have reported that nearly 14 million Linux-powered systems are exposed to the internet and open to access for the hackers.

When diving deep into the exposed systems, researchers also found that a Secure Shell Protocol (SSH) for Linux-based machines was found open for almost 19 million systems facing the internet, and it help hackers to attack the exposed system using botnets to initiate the brakeforce attacks.

Linux Systems Affected by Top Malware Families & Vulnerabilities

In Deep analysis with the telemetry data collected by Trend Micro experts from January 2021, over 13 Million incidents were identified & recorded targeted by various malware families.

In this list, Coinminers are aggressively targeting the Linux-powered systems and Web Shells, Ransomware, Trojans, and other familiars observed next to it. These malware families are mainly targeting the following Linux distributions.

  • CentOS Linux
  • Cloud Linux Server
  • Ubuntu Server
  • RedHat Enterprise Linux Sever

There is some windows malware that has been added to this list, which means that the attackers using Linux servers as a Command & Control server or storage.

Vulnerabilities on Linux

Trend Micro Researchers uncovered the 15 most exploited vulnerabilities (Common Vulnerabilities and Exposures (CVEs)) that target Linux-powered systems with the bits of help of the telemetry data.

Apache Struts2 remote code execution (RCE) vulnerability CVE-2017-5638 Critical
Apache Struts 2 REST plugin XStream RCE vulnerability CVE-2017-9805 High
Drupal Core RCE vulnerability CVE-2018-7600 Critical
Oracle WebLogic server RCE vulnerabilities CVE-2020-14750 Critical
WordPress file manager plugin RCE vulnerability CVE-2020-25213 Critical
vBulletin ‘subwidgetConfig’ unauthenticated RCE vulnerability CVE-2020-17496 Critical
SaltStack salt authorization weakness vulnerability CVE-2020-11651 Critical
Apache Struts OGNL expression RCE vulnerability CVE-2017-12611 Critical
Eclipse Jetty chunk length parsing integer overflow vulnerability CVE-2017-7657 Critical
Alibaba Nacos AuthFilter authentication bypass vulnerability CVE-2021-29441 Critical
Atlassian Jira information disclosure vulnerability CVE-2020-14179 Medium
Nginx crafted URI string handling access restriction bypass vulnerability CVE-2013-4547 N/A
Apache Struts 2 RCE vulnerability CVE-2019-0230 Critical
Apache Struts OGNL expression RCE vulnerability CVE-2018-11776 High
Liferay portal untrusted deserialization vulnerability CVE-2020-7961 Critical

During the investigation, out of 200 vulnerabilities, only 15 were actively exploited in wide or have existing proofs of concept.

According to the Trend Micro report “The applications affected by these 200 vulnerabilities have a few clear targets, including WordPress or Apache Struts, but services such as Atlassian JIRA, dnsmasq, and Alibaba Nacos aren’t the first ones a security expert would automatically assume to be in attackers’ crosshairs.”

Also, Web-based attacks on Linux systems are keep on increasing which is uncovered by researchers when comparing the spread of web and non-web attacks on Linux systems.

As result, 76% of the attacks are web-based, while only 24% of the attacks are non-web in nature that targeting the Linux environment.

“With Linux being the first choice for web servers and applications, the OWASP Top 10 has become more relevant to the operating system. Since 76.9% of the top 10 million web servers globally are Unix-based, the OWASP web app risks act as an important filter when looking at vulnerabilities affecting Linux/Unix systems.” Researchers said.

Another report revealed that injection vulnerabilities and Cross-Site scripting vulnerabilities took the first 2 places for performing the highest targeted attacks.

In terms of non-OWASP security risks, Layering brute-force, directory traversal, and request smuggling attacks took the first 3 places.

Secure Your Linux Environment

Trend Micro researchers suggested various security measures to protect your Linux environments using  native Linux tools and configurations of following:-

Third Party Tools & Control

  • Antimalware
  • Intrusion prevention/detection system (IPS/IDS)
  • Execution control
  • Configuration assessment
  • Vulnerability assessment and patching
  • Activity monitoring

Secure Your Container in Enterprise Environment

Following these basic Docker best practices that will help enterprises keep their containers secure:

  • Use lightweight base images such as Alpine Linux
  • Apply the principle of least privilege; don’t run containers as root or in privileged mode
  • Sign and verify container images to protect them against supply chain attacks
  • Actively scan and fix vulnerabilities in container dependencies
  • Don’t hardcode secrets or credentials on container images

Fatal error: Uncaught Error: Call to a member function listFiles() on null in /home/bht/public_html/wp-content/plugins/w3-total-cache/CdnEngine_GoogleDrive.php:595 Stack trace: #0 /home/bht/public_html/wp-content/plugins/w3-total-cache/CdnEngine_GoogleDrive.php(615): W3TC\CdnEngine_GoogleDrive->path_get_id() #1 /home/bht/public_html/wp-content/plugins/w3-total-cache/Cdn_Core.php(738): W3TC\CdnEngine_GoogleDrive->format_url() #2 /home/bht/public_html/wp-content/plugins/w3-total-cache/Cdn_Plugin.php(1232): W3TC\Cdn_Core->url_to_cdn_url() #3 /home/bht/public_html/wp-content/plugins/w3-total-cache/Cdn_Plugin.php(915): W3TC\_Cdn_Plugin_ContentFilter->_link_replace_callback_ask_cdn() #4 [internal function]: W3TC\_Cdn_Plugin_ContentFilter->_link_replace_callback() #5 /home/bht/public_html/wp-content/plugins/w3-total-cache/Cdn_Plugin.php(873): preg_replace_callback() #6 /home/bht/public_html/wp-content/plugins/w3-total-cache/Cdn_Plugin.php(315): W3TC\_Cdn_Plugin_ContentFilter->replace_all_links() #7 [internal function]: W3TC\Cdn_ in /home/bht/public_html/wp-content/plugins/w3-total-cache/CdnEngine_GoogleDrive.php on line 595