Security solutions provider Trend Micro has in a report claimed that vulnerabilities in distributions of Linux are showing up all over the place, and that millions of systems might be at risk.
Developed by Linus Torvalds in the early 1990s, the Linux operating system gained popularity because he released it as open-source software, meaning anyone can make changes to it, but must follow the honor code to release these modifications to respective communities.
Linux has since come to be the operating system of choice for servers across the world, whether it be for hosting websites or delivering cloud-based services.
Its use in personal computers has also gained traction, chiefly due to the proliferation of distributions, referred to as distros for short in the Linux community, that range from the ultra-lightweight Puppy Linux to fleshed-out feature-loaded ones like Ubuntu or Linux Mint.
Now, Trend Micro has said that it has detected millions of “security events” in Linux distributions — both in PC and server versions — in recent years.
This is not good news for a family of OSes that was known to be overall safe from hacking and other malicious activity.
The American-Japanese company said in its report that the most common security event it saw was coinminers, a class of malware that turns computers into drones so that they can then be used to mine cryptocurrencies like bitcoin.
At an incidence rate of 24.56 percent, they made up for nearly one in four security events that Trend Micro was able to detect.
Next in line were web shells (20 percent), ransomware (12 percent), and trojans (10 percent).
In a much larger list, Trend Micro detailed the specifics of the biggest vulnerabilities in Linux systems.
It warned that some Windows-based malware families had made their way into the list, “which means that Linux servers act as a storage or command-and-control server for Windows malware.”
This means that while these servers themselves are not infected by these malwares, they act as hosts for them. The infections begin when someone using a Windows-running computer accesses the server, like visiting a website hosted on it.
The top four Linux distributions where Trend Micro found the top malware families are CentOS Linux (around 51 percent), CloudLinux Server (31 percent), Ubuntu Server (10 percent) and Red Hat Enterprise Linux (3 percent).
The fact that Red Hat Enterprise Linux made the cut here should be a cause for concern, because unlike other distros, it is a commercially-marketed distro — possibly the only Linux distro that requires a license be bought to use it, and therefore looked down upon in the Linux community.