How to Approach Linux Threats?

Enterprise Security Magazine | Monday, July 06, 2020

Most security solutions emphasize detecting Windows threats, but the focus should be on mitigating risks on the Linux platform.

FREMONT, CA: The antivirus industry places a great deal of importance on protecting Windows endpoints. Windows desktop users account for close to 87 percent of the total desktop market share, compared to the 2 percent held by Linux desktop users. Some argue that Linux is the safest and most secure operating system because malware rarely targets Linux end users. When discussing threats to the Linux platform, however, we must understand that Linux desktop usage is a tiny piece of the puzzle. Linux accounts for about 70 percent of the web server market share, according to Web Technology Surveys, and, according to CBT Nuggets, for 90 percent of all cloud servers. Linux is also said to be the most popular operating system on Microsoft’s Azure cloud, according to ZDNet.

The recent discovery of HiddenWasp, QNAPCrypt, and EvilGnome has made the emergence of Linux threats evident. Several security vendors report low detection rates, which is attributed to the industry’s rapid migration to the cloud combined with a lack of awareness of these threats.

Organizations can adopt the following best practices to mitigate cyber threats targeting Linux systems:

• Deploy a runtime protection product and an application control solution. For better results and more straightforward configuration, a Genetic Malware Analysis approach to detecting unauthorized or malicious code cuts down the number of false positives typically encountered with such runtime protection solutions.

• Review important system files routinely. Keep in mind that once installed on a server or device, malware will try to achieve persistence. On Linux servers specifically, it is essential to look for suspicious cron jobs, system initialization scripts, and services.

• From a remote-access standpoint, secure SSH login with a key, which eliminates the option of logging in with credentials.
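As an added example for the third practice (again not from the article), this POSIX shell check reads an sshd_config the way sshd does and reports whether a credential-based login is still possible. The two sample configurations, the function names, and the defaults it assumes (OpenSSH's: PasswordAuthentication yes, KbdInteractiveAuthentication yes, PubkeyAuthentication yes, PermitRootLogin prohibit-password) are the example's own.

```shell
#!/bin/sh
# Check whether an sshd_config leaves SSH key-only.
# Added example, not from the article. It follows two sshd parsing rules that
# often trip up reviewers: the FIRST value given for a keyword wins, and a
# commented-out line ("#PasswordAuthentication yes") only documents the
# compiled-in default, which is what then applies.

# Print the effective global value of KEYWORD in FILE (lower-cased), or
# DEFAULT if the file never sets it. Scanning stops at the first "Match"
# line because everything after it is conditional on the connecting client.
effective_value() {
    file="$1"; keyword="$2"; default="$3"
    val=$(awk -v kw="$keyword" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blanks
        { gsub(/=/, " ") }                              # accept Keyword=value too
        tolower($1) == "match"      { exit }            # rest is conditional
        tolower($1) == tolower(kw)  { print tolower($2); exit }
    ' "$file")
    printf '%s\n' "${val:-$default}"
}

# Report every setting that still allows a credential-based login and print
# "RESULT PASS" or "RESULT FAIL" as the last line. Defaults are OpenSSH's.
check_key_only() {
    f="$1"; fail=0
    pa=$(effective_value "$f" PasswordAuthentication yes)
    # KbdInteractiveAuthentication replaced ChallengeResponseAuthentication;
    # with UsePAM it can still prompt for a password even when
    # PasswordAuthentication is off, so it must be off as well.
    kb=$(effective_value "$f" KbdInteractiveAuthentication \
         "$(effective_value "$f" ChallengeResponseAuthentication yes)")
    pk=$(effective_value "$f" PubkeyAuthentication yes)
    rl=$(effective_value "$f" PermitRootLogin prohibit-password)

    [ "$pa" = no ]  || { echo "FAIL: PasswordAuthentication=$pa (want no)"; fail=1; }
    [ "$kb" = no ]  || { echo "FAIL: KbdInteractiveAuthentication=$kb (want no)"; fail=1; }
    [ "$pk" = yes ] || { echo "FAIL: PubkeyAuthentication=$pk (want yes)"; fail=1; }
    case "$rl" in
        no|prohibit-password|without-password) ;;
        *) echo "FAIL: PermitRootLogin=$rl (want no or prohibit-password)"; fail=1 ;;
    esac
    if [ "$fail" -eq 0 ]; then echo "RESULT PASS"; else echo "RESULT FAIL"; fi
}

# Constructed sample resembling a distro default: everything is commented
# out, so sshd's defaults apply and passwords are accepted.
weak_config_file() {
    t=$(mktemp)
    printf '%s\n' \
        '#PasswordAuthentication yes' \
        '#PubkeyAuthentication yes' \
        '#PermitRootLogin prohibit-password' \
        'KbdInteractiveAuthentication yes' \
        'UsePAM yes' > "$t"
    echo "$t"
}

# Constructed sample with the corrected settings: keys only, no passwords.
hardened_config_file() {
    t=$(mktemp)
    printf '%s\n' \
        'PasswordAuthentication no' \
        'KbdInteractiveAuthentication no' \
        'PubkeyAuthentication yes' \
        'PermitRootLogin prohibit-password' \
        'AuthenticationMethods publickey' \
        'UsePAM yes' > "$t"
    echo "$t"
}

weak=$(weak_config_file); hard=$(hardened_config_file)
echo "== weak (distro-default style) =="; check_key_only "$weak"
echo "== hardened =="; check_key_only "$hard"
rm -f "$weak" "$hard"
# On a live host: check_key_only /etc/ssh/sshd_config
# and compare with what sshd actually loaded:
#   sshd -T | grep -iE 'passwordauth|kbdinteractive|pubkeyauth|permitrootlogin'
```

The check deliberately ignores `Match` blocks, which can re-enable passwords for specific users or source addresses; review those by hand, and use `sshd -T` (extended test mode) to see the effective configuration after includes and defaults are resolved rather than trusting the file alone.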

Although the rise in Linux and cloud-focused threats is alarming, enterprises are shifting their most significant assets to the cloud, leaving their infrastructure exposed to data breaches. Hence it is high time to gain visibility into, and take control of, the actual code running on cloud infrastructure.
