The very idea of what constitutes “work” has undergone a metamorphosis over the past two years. Companies and their employees have proven incredibly adaptable, and our ability to thrive collaborating online, rather than in a shared physical working space, has ushered in a work-from-anywhere era.
It’s been an exciting time of accelerated digital transformation, but has the hasty shift into the cloud environment left organizations more vulnerable?
The reality is, for many organizations working in a cloud environment, security hasn’t been a primary concern. As people are working with tools and applications that weren’t designed to securely function in the cloud — resulting in overlooked gaps in cloud security — opportunities to exploit security vulnerabilities abound.
“Bad guys are always going to follow the money. They’re watching organizations moving into the cloud, and of course they’re going to follow that money,” says Charles DeBeck, Senior Cyber Threat Intelligence Analyst for IBM Security. “What we’re seeing across the board is threat actors investing heavily in cloud-focused malware.”
So perhaps it’s no surprise that malware, like work, is undergoing its own metamorphosis, with a growing emphasis on Linux malware innovation. Linux — the open-source code that supports cloud infrastructure and data storage — is believed to power around 90% of cloud workloads. As you can imagine, Linux malware presents an incredibly alluring and lucrative area of focus for threat actors.
Although Linux malware has been increasing steadily since 2018, largely driven by the opportunities that crypto-mining presents, the rise has been sharper in recent years. Between 2019 and 2020, there was a 40% increase in Linux malware families, according to the latest data from the IBM Security X-Force Threat Intelligence Index (TII). In fact, this malware grew 500% from 2010 to 2020.
“Threat actors are realizing how valuable Linux malware is, so that is where they’re spending more time, ingenuity and resources,” says Camille Singleton, Manager, IBM X-Force Cyber Range Tech Team.
Linux ransomware with new code increased 146%, according to the TII, and unique code increased in four out of five categories over the previous year. The banking industry experienced the greatest innovation increase, over tenfold, due to trojans. While Windows malware still makes up the vast majority of malware, the sheer volume of unique code suggests an ongoing trend.
Evasive, fileless malware lurking in memory can elude standard detection tools by exploiting legitimate scripting languages and sidestepping the use of signatures. Often used in Windows-based attacks, fileless malware is entering the cloud with Ezuri, an open-source crypter and memory loader written in Golang.
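On Linux, a process whose executable has no file on disk is still visible through its `/proc/<pid>/exe` link. The following is an added detection sketch, not code from the original article or from IBM; it assumes the loader runs its payload from an anonymous memory file (`memfd_create`), a common approach for Linux in-memory loaders, and the sample PIDs and paths are constructed.

```python
import os
import re

# /proc/<pid>/exe targets that indicate the running binary has no file on disk.
MEMFD = re.compile(r"^/memfd:(?P<name>.*?)( \(deleted\))?$")
DELETED = re.compile(r"^(?P<path>/.+) \(deleted\)$")

def classify_exe(target):
    """Return (verdict, detail) for one /proc/<pid>/exe link target."""
    m = MEMFD.match(target)
    if m:
        return "memfd", m.group("name")      # executed from anonymous memory
    m = DELETED.match(target)
    if m:
        return "deleted", m.group("path")    # binary unlinked after launch
    return "on-disk", target

def find_fileless(exe_links):
    """exe_links maps pid -> link target; return findings not backed by a disk file."""
    findings = []
    for pid, target in sorted(exe_links.items()):
        verdict, detail = classify_exe(target)
        if verdict != "on-disk":
            findings.append((pid, verdict, detail))
    return findings

def read_proc_exe_links(proc="/proc"):
    """Collect exe link targets from a live Linux /proc (root is needed to see all PIDs)."""
    links = {}
    for entry in os.listdir(proc):
        if entry.isdigit():
            try:
                links[int(entry)] = os.readlink(os.path.join(proc, entry, "exe"))
            except OSError:
                continue  # kernel thread, exited process, or permission denied
    return links

# Constructed sample data, not taken from a real host.
SAMPLE = {
    1: "/usr/lib/systemd/systemd",
    812: "/usr/sbin/sshd",
    4410: "/memfd: (deleted)",
    4522: "/tmp/.x/upd (deleted)",
}

if __name__ == "__main__":
    for pid, verdict, detail in find_fileless(SAMPLE):
        print(pid, verdict, detail)
```

A `deleted` verdict also appears for legitimate services still running after a package upgrade replaced their binary, so treat it as a lead to triage; a `memfd` verdict is rarer in normal operation and deserves a closer look.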
IBM Security X-Force research in the Threat Intelligence Index (TII) highlighted the development of a new malware suite dubbed Vermillion Strike, which provides attackers with remote access capabilities. Based on the popular penetration testing tool Cobalt Strike, Vermillion Strike is designed to run on Linux systems.
The creation of Vermillion Strike shows that attackers are planning to expand human-operated attacks executed through Cobalt Strike to Linux systems, which may help them evade detection within enterprises. This development highlights the continued migration to malware targeting Linux and indicates that ongoing operations outside of Windows environments will continue into the future.
“Where Vermillion Strike is interesting for Linux is that it shows that there is an intent to increase the use of Linux systems during human-operated attacks,” says John Dwyer, Head of Research, X-Force. “For the past few years, Linux attacks have been mostly focused on delivering a cryptominer, ransomware or web shell often through automated mechanisms. But with Vermillion Strike, it offers attackers the opportunity to easily incorporate Linux systems into larger enterprise attacks for things like lateral movement and persistence by incorporating those systems within the Cobalt Strike C2 framework.”
Cloud migration was an urgent answer to an urgent need. It’s understandable that security was an afterthought as organizations quickly mobilized a work-from-home model. Now, in this work-from-anywhere era, security officers should concentrate on implementing more robust cybersecurity tools and strategies, such as Identity and Access Management (IAM).
In the work-from-anywhere world, the perimeter is a person, not a place; organizations need to shift their security mindset. Implementing a zero-trust philosophy can connect the right users to the right data at the right time under the right conditions, while also protecting your organization from cyberthreats.
Whether in a cubicle or in the cloud, on a Microsoft or Linux platform, taking proactive measures to limit access is one of the most effective ways to limit a security breach.