Has Linux Lost Its Security Edge?

Ransomware gangs are renowned for infighting. They squabble, they attack each other; they form alliances and desert them just as quickly. The results of this internecine conflict are often fruitful for cybersecurity researchers: take, for example, the leaking of malware code from Babuk, hacked in 2021 by cybercriminals disgruntled at being cheated by the notorious ransomware gang. The code was subsequently deployed by 10 additional ransomware gangs to garget VMware and ESXI servers, and spawned a string of variants that researchers have been busily patching ever since.  

What was interesting about this particular family of malware, however, was that it targeted the Linux operating system – a fast favourite of developers involved in building virtual machines in cloud-based web systems, web hosting for live websites or IoT devices. Its use has spiked in recent years, with an estimated 14 million internet-facing devices running on Linux on any given day, in addition to 46.5% of the top million websites by traffic and a whopping 71.8% of IoT devices.

That’s great news for advocates of open-source software development, for which Linux has always been an example of what can be achieved when coding communities collaborate unencumbered by anything as vile as a corporate culture or a profit motive. It’s also thoroughly frightening for some cybersecurity experts. Not only is there a marked lack of ongoing research into the security of Linux-based systems as opposed to those based off more mainstream operating systems, but also no formal, overarching system for patching the vulnerabilities in this OS. Instead, as befits an open-source creation, ‘flavours’ of Linux are patched on an ad-hoc basis by developers with time and intellect to spare – a precious resource amid a veritable tsunami of cybercrime. Attackers are starting to notice. Last year, AtlasVPN found that over 1.9 million new malware threats had been detected – a year-on-year increase of 50%.