So yesterday I wrote about the latest iteration of Ubuntu 20.04 LTS coming out in my usual glowing terms. I feel like there was nothing amiss in that article; after all, Ubuntu, especially the version in question, is a stellar operating system that is rock solid and has served me well. A few people, however, decided to call me on my bias and asked me to publicly admit that there is no such thing as an invulnerable operating system under the sun.
So here is me doing exactly that. I think I should repeat that for emphasis: there is no such thing as an invulnerable operating system under the sun. I often say the best way to make your computer impenetrable is to shut it down and pulverise it thoroughly with a hammer. But even then, who knows? I have seen FBI nerds in real movies pull information off a single surviving chip.
Why do I think Linux is inherently secure?
What makes Linux better than Windows in my opinion is not just the open-source code that is reviewed by scores of experts around the world. It's the philosophy behind it all. In Windows, ignorant users can click around and blunder their way to productivity. The system is meant to be easy and fits many use cases by default. All you need to do is boot up, enter your password or just stare at your computer to log in, get to the desktop, click on Chrome, and you are watching cat videos.
In Linux, things can be, but usually are not, that easy. While you can use Windows without knowing what the registry is, in Linux you have to be hands-on with your configuration. Every action you take has to be deliberate, otherwise you risk breaking things. Often you have to set up your desktop the way you want it, Chrome is not installed by default, and sometimes you cannot even play videos until you install the right codecs. Linux forces you to learn and pay attention to what you are doing. You are often forced to learn why you are doing things in addition to how to do them.
Top Linux malware in 2021
Now that we have put the explanations out of the way, it's time to look at some of the top Linux malware of 2021. One thing to note is that cloud-centric malware dominates on Linux. There are probably a couple of reasons for this, including:
- Linux rules the cloud. There is no other way to put it. This means there are more Linux cloud instances than the competition, and naturally that means more targets.
- These targets tend to be more valuable than desktop targets. A company hit by ransomware is more likely to pay than a dude in Harare.
- A lot of amateurs are forced to spin up instances without securing them well if they want to use cloud apps. Say you want to start a WordPress blog: most people just follow some how-to guide without securing their server properly. The same goes for email servers, Minecraft servers, etc. Dudes who normally use Windows are to blame.
Below are the top categories of Linux malware according to Trend Micro:
- Coinminers: there are several of these, but the basic idea is to use your cloud/computer resources to mine cryptocurrencies. You can spot these on Linux by checking resource usage regularly. Most coinmining software is greedy and tries to grab as much CPU as it can to maximise the chance of turning a profit, so a process you did not start pegging every core is the classic tell.
- Web shells: again there are several, including ones that target content management systems like WordPress. The idea here is simple: the attacker wants remote control of your machine. Most of the time the goal is to set up a relay server to send spam, or to deface your site and plant spammy advertising links that point to the attacker's website.
- Ransomware: for example, there are Linux variants of REvil. The goal is to demand payment in return for your data.
- Trojans: these are meant to steal data. Again, they are popular in content management system attacks. Examples are scripts used to steal customers' credit card details.
One thing to note from the above is that, unlike on Windows, Linux malware is often heavily customised by attackers to target a specific vulnerability, and each Linux system is often unique. This means it is rare to see one specific piece of malware dominate; instead you have families of related malware.
How to protect yourself?
Again, I am biased, but I believe identifying and thwarting an attack on Linux is pretty easy. You have tools like UFW (or better yet, iptables) to lock down your internet connection in ways that are unimaginable in Windows. For example, whenever I set up a new cloud server I simply block all non-Zimbabwean IPs by default. That alone removes 99.99% of the threats from the table.
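To make the default-deny idea concrete, here is an added example (not code from the original post) that generates an iptables-restore ruleset: everything inbound is dropped unless it arrives from an allowlisted source network, and even then only on the ports you expect. The networks are RFC 5737 documentation ranges standing in for whatever country or office ranges you actually trust; the port list and output path are assumptions for illustration. Nothing here touches a live firewall.

```shell
#!/bin/sh
# Added example, not from the original post: write an iptables-restore
# ruleset that drops all inbound traffic by default and admits only the
# listed source networks. The CIDRs are RFC 5737 documentation ranges
# standing in for the ranges you trust. Review the file, then load it with
#   iptables-restore < /tmp/allowlist.rules
# from a console session, in case the rules lock you out of SSH.

ALLOWED_NETS="203.0.113.0/24 198.51.100.0/24"   # assumed trusted networks
SSH_PORT=22                                      # assumed management port
PUBLIC_PORTS="80 443"                            # assumed public services

# gen_allowlist_rules OUTFILE: write the ruleset to OUTFILE.
gen_allowlist_rules() {
    out="$1"
    {
        echo '*filter'
        # Default policies: drop anything not explicitly accepted below.
        echo ':INPUT DROP [0:0]'
        echo ':FORWARD DROP [0:0]'
        echo ':OUTPUT ACCEPT [0:0]'
        # Loopback, and replies to connections this host started.
        echo '-A INPUT -i lo -j ACCEPT'
        echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
        # Drop packets the connection tracker cannot classify.
        echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
        # New connections only from the allowlisted networks, per port.
        for net in $ALLOWED_NETS; do
            echo "-A INPUT -p tcp -s $net --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT"
            for port in $PUBLIC_PORTS; do
                echo "-A INPUT -p tcp -s $net --dport $port -m conntrack --ctstate NEW -j ACCEPT"
            done
        done
        # Rate-limited log of what the default policy drops, so the log
        # checks later in the post have something to show.
        echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "'
        echo 'COMMIT'
    } > "$out"
}

# count_input_rules OUTFILE: number of "-A INPUT" rules in the file.
count_input_rules() {
    grep -c '^-A INPUT' "$1"
}

gen_allowlist_rules "${TMPDIR:-/tmp}/allowlist.rules"
```

The UFW equivalent of the same policy is `ufw default deny incoming` followed by one `ufw allow from 203.0.113.0/24 to any port 22 proto tcp` per network and port. Either way, keep a console or provider-side rescue path available before loading the rules, and remember that anything not in the allowlist, including your cloud provider's health checks and monitoring, is dropped too.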
Also, make it a habit to uninstall software you don't need. Better still, when installing, make sure you only install the base operating system with as little extra stuff as possible. You can then add only the things you need. Why install Apache on a Minecraft or mail server? Do you really need FTP? If not, stop and disable the service over SSH.
Above all: always check the logs. Always. Check resource usage too, and see whether it tallies with what you expect.
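The three habits above (watch resource usage for greedy coinminers, know what is listening so stray services like FTP get noticed, and read the logs) boil down to a few one-liners you can run on a cron. The script below is an added example, not code from the original post. Each function reads the output of a real tool on stdin (`ps -eo pid,pcpu,comm --no-headers`, `/var/log/auth.log`, `ss -tlnH`); the SAMPLE_* variables are constructed stand-ins so it runs offline, and the thresholds and expected port list are assumptions to adjust per host.

```shell
#!/bin/sh
# Added example, not from the original post: small audit checks for
# "watch resource usage, watch the logs, know what is listening".
# Real usage:  ps -eo pid,pcpu,comm --no-headers | cpu_hogs 50
#              cat /var/log/auth.log            | failed_ssh_by_ip
#              ss -tlnH                          | unexpected_listeners "22 80 443"

# Constructed `ps -eo pid,pcpu,comm --no-headers` output: a miner hiding
# behind a kernel-thread-looking name, plus a busy but legitimate php-fpm.
SAMPLE_PS='  812   0.3 sshd
 1337  97.8 kworker
 2041  41.2 php-fpm
 2099   0.0 cron'

# Constructed auth.log lines: password guessing from two source IPs and
# one legitimate key-based login.
SAMPLE_AUTH='Mar  3 10:01:12 web sshd[2231]: Failed password for root from 203.0.113.9 port 51234 ssh2
Mar  3 10:01:15 web sshd[2233]: Failed password for invalid user admin from 203.0.113.9 port 51240 ssh2
Mar  3 10:02:01 web sshd[2240]: Accepted publickey for deploy from 198.51.100.7 port 40110 ssh2
Mar  3 10:02:44 web sshd[2251]: Failed password for root from 198.51.100.200 port 33001 ssh2'

# Constructed `ss -tlnH` output: the expected web ports, plus an FTP
# daemon and a high port nobody asked for.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3333 0.0.0.0:*'

# cpu_hogs PCT: print "pid comm pcpu" for every process above PCT % CPU.
cpu_hogs() {
    awk -v limit="$1" '$2 + 0 > limit { print $1, $3, $2 }'
}

# failed_ssh_by_ip: count "Failed password" lines per source IP,
# busiest first. Output lines are "count ip".
failed_ssh_by_ip() {
    awk '/Failed password/ { for (i = 1; i <= NF; i++) if ($i == "from") n[$(i+1)]++ }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# unexpected_listeners "PORT PORT ...": print listening local ports that
# are not in the expected list (column 4 of ss is the local address).
unexpected_listeners() {
    expected=" $1 "
    awk '{ n = split($4, a, ":"); print a[n] }' | while read -r port; do
        case "$expected" in
            *" $port "*) ;;
            *) echo "$port" ;;
        esac
    done
}

# Run the checks against the constructed samples.
echo "$SAMPLE_PS"   | cpu_hogs 50
echo "$SAMPLE_AUTH" | failed_ssh_by_ip
echo "$SAMPLE_SS"   | unexpected_listeners "22 80 443"
```

On a real host the interesting part is the diff against yesterday: a new listener, a new top-CPU process name, or a new IP at the top of the failed-login list is what you act on, and an expected-ports list that has been reviewed is what makes "does it tally with what I expect" a mechanical question rather than a guess.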