Coinminers, web shells and ransomware made up 56% of top malwares affecting Linux servers during the first half of 2021, according to Trend Micro‘s Linux Threat Report 2021 1H. The report gives valuable insight into how Linux operating systems are being targeted as organizations increase their digital footprint in the cloud and the pervasive threats that make up the Linux threat landscape.

“From over 13 million events that we identified and flagged from our sensors, we identified the top 10 malware families which we then consolidated by their threat types,” the report said. The top types of malwares being:

25% Coinminers – The high prevalence of cryptocurrency miners is of little surprise given the clear motive of the seemingly endless amount of computing power the cloud holds, making it the perfect environment.
20% Web shells – The recent Microsoft Exchange Attack, which leveraged web shells, showed the importance of patching against this type of malware
12% Ransomware – The most prevalent detected was the modern ransomware family, DoppelPaymer, however some other notable ransomware families seen targeting Linux systems as well are RansomExx, DarkRadiation, and the DarkSide.

The report revealed that most detections arose from systems running end-of-life versions of Linux distributions, including 44% from CentOS versions 7.4 to 7.9.

In addition, 200 different vulnerabilities were targeted in Linux environments in just six months. This means attacks on Linux are likely taking advantage of outdated software with unpatched vulnerabilities.

“It’s safe to say that Linux is here to stay, and as organizations continue to move to Linux-based cloud workloads, malicious actors will follow,” said Aaron Ansari, vice president of cloud security for Trend Micro. “We have seen this as a main priority to ensure our customers receive the best security across their workloads, no matter the operating system they choose to run it on.”