Executive summary

In the past five years, Linux® has become the most common operating system (OS) in multi-cloud environments. It has even surpassed Windows on Microsoft Azure, and it powers more than 78 percent of the most popular websites.[1] Malicious actors have taken notice and are increasingly targeting vulnerable Linux-based systems in multi-cloud environments to infiltrate corporate and government networks.

Threat actors know that current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to Linux-based attacks. These public and private clouds are high-value targets for cybercriminals, providing access to critical infrastructure services and substantial computational resources.

In fact, cloud infrastructures and data centers host key components, such as email servers and customer databases, that have been the target of high-profile intelligence-gathering breaches. The large-scale campaign carried out in early 2021, which targeted Exchange servers,[2] and the Cybersecurity and Infrastructure Security Agency (CISA) alert about BlackMatter,[3] which targeted the U.S. food and agriculture sector, are good examples of how attacks on vulnerable cloud infrastructure can disrupt an organization’s value-delivery pipeline.

These threats take advantage of weak authentication, vulnerabilities and misconfigurations in container-based infrastructures to infiltrate the environment with remote access tools (RATs). Once the attackers have obtained a foothold in their target cloud environment, they often look to perform one of two types of attacks: executing ransomware or deploying cryptomining components.

To read the full report, download the whitepaper:

Exposing Malware in Linux-Based Multi-Cloud Environments
