Attacks on Linux machines are on the rise

September 16, 2024 Celia Catalán

Today we are going to be commenting on the trend of attacks in Linux

Recently, data from Kasperski's report “ Exploits and vulnerabilities in Q1 2024 ” indicate that exploits of vulnerabilities for Linux operating systems are on the rise and do not seem to be slowing down.

This data shows computers protected by Kasperski products and shows how exploits on Linux computers have increased in recent years while exploits on Windows machines remain constant. Taking the data from Q1 2023 as a basis, the number of attacks has multiplied by 2.26 in this last Q1 2024.

Number of Linux users who have suffered attacks:

Número de usuarios Linux que han sufrido ataques

Number of Windows users who have suffered attacks:

NÚMERO DE USUARIOS WINDOWS QUE HAN SUFRIDO ATAQUES.

Public availability of exploits

Kasperski's analysis surprises with the availability of exploits, and the publication of PoCs or directly of the exploit ready to be used is high. In the data on vulnerabilities registered independently of the operating system, it can be seen how the percentage of exploit publications is high at the same time that the percentage of critical vulnerabilities is rising. This combination of availability of exploits and criticality of vulnerabilities is one of the reasons that may justify the increase in exploitations. As can be seen in the following graph:

Número de vulnerabilidades publicadas por año, porcentaje de las de valoración crítica y de las que tienen exploits publicados

Types of exploits

The report highlights several platforms where attacker interest is greatest and there are more exploits published. More than half of exploits take advantage of operating system vulnerabilities, being the main target platform. Others are aimed at:

• Browsers

• Operating systems (Windows, Linux, macOS)

• Microsoft Exchange Servers and their components

• Microsoft SharePoint Servers and their components

• Suite de Microsoft Office

• Other applications

Distribution of exploits for critical vulnerabilities by platform, data from Q1 2024

Distribución de exploits para vulnerabilidades críticas por plataforma, datos de Q1 2024

Conclusions

Operating system vulnerabilities are the main focus of exploits and therefore those that offer the most interest to attackers. This, added to the growing number of published critical vulnerabilities and the high availability of ready-to-use exploits, aggravates the situation and gives even more importance to risk management. Within this management, one of the current trends is the growing exploitation of vulnerabilities in Linux. This is another example of the importance of the expansion of cybersecurity and its transversal application to all affected components.

Daniel Rico , cybersecurity analyst at Zerolynx Group .

return to blog