The increasing number of cybercriminals are exploiting the systems using Linux malware, according to a report by WatchGuard Technologies. The security solution provider also claims that IoT devices powered by the open source technologies are attracting the attacker’s attention.
The Internet Security Report by WatchGuard Technologies for the first quarter of 2017 reveals that despite an overall drop in general malware detection, Linux malware grew more than 36 percent of the top threats. The Linux malware is found in three variants, namely Linux/Exploit, Linux/Downloader and Linux/Flooder. These three versions are also listed among top 10 malware samples of the year.
One of the primary reasons behind increasing Linux attacks is the systematic weaknesses in Linux-powered IoT devices. The botnet developers are moving towards Linux for the flexibility and openness, but it is also resulting in rapid growth. Linux variants and their attacks tend to target certain geographic areas too.
“The increased presence of Linux/Exploit, Linux/Downloader and Linux/Flooder combined to illustrate attackers’ increased focus on Linux servers and IoT devices,” the report said.
Linux/Exploit variant affects Europe, the United States and United Arab Emirates. Linux/Flooder is targeted towards France and Germany while Linux/Downloader mostly affected Germany, Malaysia and Great Britain. The report also suggests that 99.99 percent of Linux malware was delivered over the Internet, whereas only eight attacks were targeted via email or FTP.
The majority of the Linux attacks are targeting IoT devices. Furthermore, the report highlights that a large number of attackers are exploiting the Android StageFright flaw that was first emerged in 2015.
WatchGuard’s team used anonymised Firefox Feed data from more than 26,500 active WatchGuard UTM appliances worldwide that blocked over 7 million malware variants in the first quarter, representing an average of 266 samples blocked by each device. WatchGuard appliances also blocked more than 2.5 million network devices in the same quarter — equates to 156 attacks blocked per device.