Threat Actors Abuse Top 15 Flaws Millions of Times to Target Linux Systems


Researchers at Trend Micro have identified and flagged nearly 14 million Linux-based systems that are directly exposed to the internet, making them a lucrative target for attackers looking to deploy malicious web shells, ransomware, coin miners, and other Trojan horses.

The U.S.-Japanese company published a detailed analysis of the Linux threat landscape, highlighting the top threats and flaws that affected the operating system in the first half of 2021, based on data gathered from honeypots, sensors, and anonymized telemetry.

The company, which discovered nearly 15 million malware events aimed at Linux-based cloud environments, found coin miners and ransomware to make up 54% of all malware, with web shells accounting for 29% of the share. 

Furthermore, the researchers examined more than 50 million events from 100,000 unique Linux hosts and identified 15 different vulnerabilities that have either been actively exploited in the wild or have a public proof of concept (PoC):

• CVE-2017-5638 (CVSS score: 10.0) – Apache Struts 2 remote code execution (RCE) vulnerability 

• CVE-2017-9805 (CVSS score: 8.1) – Apache Struts 2 REST plugin XStream RCE vulnerability 

• CVE-2018-7600 (CVSS score: 9.8) – Drupal Core RCE vulnerability

• CVE-2020-14750 (CVSS score: 9.8) – Oracle WebLogic Server RCE vulnerability 

• CVE-2020-25213 (CVSS score: 10.0) – WordPress File Manager (wp-file-manager) plugin RCE vulnerability 

• CVE-2020-17496 (CVSS score: 9.8) – vBulletin ‘subwidgetConfig’ unauthenticated RCE vulnerability 

• CVE-2020-11651 (CVSS score: 9.8) – SaltStack Salt authorization weakness vulnerability 

• CVE-2017-12611 (CVSS score: 9.8) – Apache Struts OGNL expression RCE vulnerability 

• CVE-2017-7657 (CVSS score: 9.8) – Eclipse Jetty chunk length parsing integer overflow vulnerability

• CVE-2021-29441 (CVSS score: 9.8) – Alibaba Nacos AuthFilter authentication bypass vulnerability 

• CVE-2020-14179 (CVSS score: 5.3) – Atlassian Jira information disclosure vulnerability 

• CVE-2013-4547 (CVSS score: 8.0) – Nginx crafted URI string handling access restriction bypass vulnerability 

• CVE-2019-0230 (CVSS score: 9.8) – Apache Struts 2 RCE vulnerability 

• CVE-2018-11776 (CVSS score: 8.1) – Apache Struts OGNL expression RCE vulnerability 

• CVE-2020-7961 (CVSS score: 9.8) – Liferay Portal untrusted deserialization vulnerability 

To make matters worse, the 15 most commonly used Docker images on the official Docker Hub repository were found to harbor flaws spanning python, node, WordPress, golang, Nginx, Postgres, influxdb, httpd, MySQL, Debian, Memcached, Redis, mongo, centos, and rabbitmq, underscoring the need to secure containers against threats already during the development stage.

“Users and organizations should always apply security best practices, which include utilizing the security-by-design approach, deploying multilayered virtual patching or vulnerability shielding, employing the principle of least privilege, and adhering to the shared responsibility model,” the researchers explained.