Linux Malware Sees 35% Growth During 2021
2022-02-22
Linux is similar to other operating systems such as Windows and OS X. Like them, Linux has a graphical user interface and comparable versions of the software commonly used on other operating systems. Its uses are as diverse as those of any other OS, and it is a favored platform in areas such as web serving, networking, and databases. The number of malware infections targeting Linux devices rose by 35% in 2021, most commonly to recruit IoT devices for DDoS (distributed denial of service) attacks. IoT devices are typically under-powered "smart" devices that run various Linux distributions and are limited to specific functionality.
However, when their resources are combined into large groups, they can deliver massive DDoS attacks against even well-protected infrastructure. Besides DDoS, Linux IoT devices are recruited to mine cryptocurrency, facilitate spam mail campaigns, serve as relays, act as command and control servers, or even act as entry points into corporate networks. The most prevalent Linux-based malware families in 2021 were XorDDoS, Mirai and Mozi, which collectively accounted for 22% of all Linux-based IoT malware that year. These were also a main driver of malware targeting all Linux-based systems, which grew 35% in 2021 compared with 2020.
A notable case of the malware's distribution was shown in 2021 after a Chinese threat actor known as "Winnti" was observed deploying it with other derivative botnets. The malware called Mirai turned thousands of vulnerable Linux-based routers, IP cameras and other IoT devices into a botnet that targeted Dyn and others with a massive DDoS attack. Mozi, by contrast, is a P2P botnet that relies on the distributed hash table (DHT) lookup system to hide suspicious C2 communications from network traffic monitoring solutions. People often say that hackers don't generally target Linux users because Linux takes up only about 5% of the market, whereas macOS takes 25% and Windows users comprise 70%.
This kind of logic and thinking is exactly what makes us Linux users vulnerable, in my opinion. All users are targets regardless of operating system, although Windows is notoriously easier to hack than macOS or Linux. The fact is that simple endpoint attacks became complex, multi-stage operations. Ransomware attacks hit small businesses and huge corporations alike. Cryptomining attacks gave cyber criminals an easy foothold into company networks. It was a year of massive data leaks, expensive ransomware payouts, and a vast, new, complicated threat landscape. And it was a year that saw cyber criminals up their threat game in a big way.