Nearly 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans.
That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top threats and vulnerabilities affecting the operating system in the first half of 2021, based on data amassed from honeypots, sensors, and anonymized telemetry.
The company, which detected almost 15 million malware events aimed at Linux-based cloud environments, found coin miners and ransomware to make up 54% of all malware, with web shells accounting for a 29% share.
In addition, by dissecting over 50 million events reported from 100,000 unique Linux hosts during the same time period, the researchers found 15 different security weaknesses that are known to be actively exploited in the wild or have a proof of concept (PoC):
- CVE-2017-5638 (CVSS score: 10.0) – Apache Struts 2 remote code execution (RCE) vulnerability
- CVE-2017-9805 (CVSS score: 8.1) – Apache Struts 2 REST plugin XStream RCE vulnerability
- CVE-2018-7600 (CVSS score: 9.8) – Drupal Core RCE vulnerability
- CVE-2020-14750 (CVSS score: 9.8) – Oracle WebLogic Server RCE vulnerability
- CVE-2020-25213 (CVSS score: 10.0) – WordPress File Manager (wp-file-manager) plugin RCE vulnerability
- CVE-2020-17496 (CVSS score: 9.8) – vBulletin ‘subwidgetConfig’ unauthenticated RCE vulnerability
- CVE-2020-11651 (CVSS score: 9.8) – SaltStack Salt authorization weakness vulnerability
- CVE-2017-12611 (CVSS score: 9.8) – Apache Struts OGNL expression RCE vulnerability
- CVE-2017-7657 (CVSS score: 9.8) – Eclipse Jetty chunk length parsing integer overflow vulnerability
- CVE-2021-29441 (CVSS score: 9.8) – Alibaba Nacos AuthFilter authentication bypass vulnerability
- CVE-2020-14179 (CVSS score: 5.3) – Atlassian Jira information disclosure vulnerability
- CVE-2013-4547 (CVSS score: 8.0) – Nginx crafted URI string handling access restriction bypass vulnerability
- CVE-2019-0230 (CVSS score: 9.8) – Apache Struts 2 RCE vulnerability
- CVE-2018-11776 (CVSS score: 8.1) – Apache Struts OGNL expression RCE vulnerability
- CVE-2020-7961 (CVSS score: 9.8) – Liferay Portal untrusted deserialization vulnerability
Even more troublingly, the 15 most commonly used Docker images on the official Docker Hub repository have been revealed to harbor hundreds of vulnerabilities spanning python, node, wordpress, golang, nginx, postgres, influxdb, httpd, mysql, debian, memcached, redis, mongo, centos, and rabbitmq, underscoring the need to secure containers from a wide range of potential threats at each stage of the development pipeline.
“Users and organizations should always apply security best practices, which include utilizing the security by design approach, deploying multilayered virtual patching or vulnerability shielding, employing the principle of least privilege, and adhering to the shared responsibility model,” the researchers concluded.