For many years, the Linux operating system was considered a safe choice, far from the risks of malware, viruses and other cyber threats; this sense of security came from the fact that Linux was used mainly in technical environments and on servers, often managed by cybersecurity professionals.
However, in recent years, the increase in viruses, malware and ransomware targeting Linux has raised concerns among even the most experienced users. The rise of these threats is due to several factors, including the growing popularity of Linux, its increasing deployment in cloud services, and the evolution of cyber attacks.
History of Security Incidents on Linux Operating Systems
Historically, Linux has been less prone to viruses than Windows or macOS, largely due to its architecture and its open-source community, which promotes rapid resolution of vulnerabilities.
Linux systems are based on strict access permissions that limit the ability of a malicious program to spread or access critical system resources without authorization; furthermore, the decentralized nature of Linux, with many different distributions, makes it difficult for a single attack to target large swaths of users.
The first known threats on Linux date back to the 1990s, but they were mostly experimental or limited to specific vulnerabilities; one of the first Linux viruses was “Staog”, discovered in 1996. Staog exploited kernel vulnerabilities to gain root privileges and infect the system; in the following years, malware developers’ attention was mainly focused on Windows, since its user base was immensely larger.
However, with the explosion of the Internet and the spread of Linux-based servers, especially web servers, threats have gradually increased. The “Ramen” worm in 2001 was one of the first pieces of malware to hit Linux servers on a large scale, exploiting known vulnerabilities in some popular software. Over time, with the expansion of cloud services and Linux-based infrastructures, the threat landscape has changed dramatically.
Most Notorious Linux Viruses and Malware
Some of the most notorious malware and viruses that have hit Linux include:
- Mirai (2016): One of the most notorious Linux-based botnets used for DDoS attacks. Mirai exploited vulnerable IoT devices, many of which were running lightweight versions of Linux; this malware turned these devices into zombies to carry out mass attacks on specific targets.
- Erebus (2017): A ransomware that made headlines when it compromised the servers of a major South Korean web hosting provider; Erebus exploited a vulnerability in an outdated version of Linux, encrypting files and demanding a ransom in bitcoin to unlock them.
- HiddenWasp (2019): A sophisticated malware designed to specifically target Linux systems; used to maintain persistent remote access to compromised machines, HiddenWasp was difficult to detect and capable of evading many security measures.
- RansomEXX (2020): A ransomware that has hit several large organizations, including the Brazilian government, infecting both Windows and Linux machines. This marks the evolution of ransomware, which is starting to target operating systems other than Windows as well.
The bottom line: Why the increase in viruses, malware, ransomware, and more on Linux?
The increase in malware on Linux is driven by several factors:
- Growing popularity of Linux: With the spread of cloud technologies, containerization (with Docker) and server platforms, Linux has become the default choice for many critical infrastructures. More users mean more targets, making Linux attractive to malware developers.
- Greater value of the targets: Many major companies use Linux servers to host sensitive data or to manage critical infrastructure. Attacks on Linux are therefore often more profitable and can have devastating impacts, such as paralyzing entire corporate systems.
- IoT Devices: Many IoT devices run lightweight versions of Linux. These devices often have vulnerabilities due to poor maintenance and updates, making them easy to compromise, as demonstrated by the Mirai botnet.
- Cross-platform ransomware: Ransomware, originally designed for Windows, is now increasingly targeting Linux systems as well; attackers create variants of their malware for different platforms, trying to maximize profits.
- False Perception of Security: Many Linux users, including system administrators, feel less at risk than Windows users, and this can lead to negligence such as not applying timely security updates or configuring servers with inadequate security settings.
What to Do
To protect yourself from malware on Linux, it is essential to adopt some good computer security practices:
- Update your system regularly: Most vulnerabilities exploited by malware on Linux are already known and have been patched by developers. Keeping your system up to date is the first line of defense.
- Implement Firewalls and Intrusion Detection Systems (IDS): Setting up a firewall can prevent unauthorized access, while IDS systems can monitor and detect suspicious activity on the network.
- Restrict permissions: Ensure that users only have the permissions needed to do their jobs, reducing the risk that malware can easily spread if a machine is compromised.
- Regular backups: It is important to make regular backups and keep them in safe places. In case of a ransomware attack, backups can help restore your data without having to pay the ransom.
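The "Restrict permissions" item above can be checked on a real host with `find`. The script below is an added example, not part of the original article: its function names and the sample directory tree are constructed for illustration. It reports world-writable files, world-writable directories without the sticky bit, and setuid/setgid files.

```shell
#!/bin/sh
# Added example: audit a directory tree for risky permission settings.

# Regular files that any local user can modify (mode o+w).
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null | sort
}

# World-writable directories without the sticky bit: any user can
# delete or replace files that belong to other users.
world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# setuid/setgid files run with the owner's or group's privileges.
setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Total number of findings under a directory.
count_findings() {
    { world_writable_files "$1"; world_writable_dirs "$1"; setid_files "$1"; } |
        wc -l | tr -d ' '
}

# Constructed sample tree so the example runs offline.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/uploads" "$t/spool" "$t/bin"
    chmod 0755 "$t/bin"
    chmod 0777 "$t/uploads"                          # finding: no sticky bit
    chmod 1777 "$t/spool"                            # acceptable: sticky bit set
    : > "$t/app.conf";   chmod 0666 "$t/app.conf"    # finding: world-writable
    : > "$t/readme.txt"; chmod 0644 "$t/readme.txt"  # acceptable
    : > "$t/bin/helper"; chmod 4755 "$t/bin/helper"  # finding: setuid
    printf '%s\n' "$t"
}

demo=$(make_sample_tree)
echo "World-writable files:";         world_writable_files "$demo"
echo "World-writable dirs (no +t):";  world_writable_dirs "$demo"
echo "setuid/setgid files:";          setid_files "$demo"
echo "Total findings: $(count_findings "$demo")"
rm -rf "$demo"
```

On a real system, pass a path such as `/` or `/home` to the three functions and compare the setuid/setgid list against what the distribution's packages are expected to install.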
Do you need an Antivirus on Linux operating systems?
The idea that Linux systems don’t need antivirus is partly a myth; while Linux isn’t targeted as much as Windows, the increase in threats makes it sensible to consider antivirus protection, especially in corporate environments.
Various antivirus solutions, such as ClamAV, Sophos and Bitdefender, are available for Linux and offer protection against malware, viruses and other threats.
An antivirus can detect known threats, protect against suspicious files and reduce the risk of malware infections that spread through mixed networks (Linux-Windows); although not essential for every user, for servers and business systems it is a component that can add an additional layer of security.
Basic Antivirus Protection Is Missing
A critical aspect to consider is that the vast majority of Linux distributions lack a pre-installed automatic antivirus system, unlike major commercial operating systems such as Windows and macOS, which include one.
On Windows, for example, Windows Defender provides antivirus protection by default, while macOS includes XProtect. This type of basic protection, while not infallible, represents a first line of defense against malware and other threats for less experienced users.
In contrast, on Linux, users are generally responsible for their own security. While there are antivirus tools for Linux, they are not installed or enabled by default. This leaves room for vulnerability, especially for users who may not be aware of the need to install additional protections.
The open-source philosophy and the fact that Linux is often managed by expert technical users mean that the responsibility for security falls more on the system administrator or the user, rather than on pre-configured automated tools. This lack of integrated antivirus protection can therefore pose a risk, especially with the increase in threats targeting Linux.
Conclusion
While Linux has historically been considered a secure operating system, its growing use in critical environments has made it an attractive target for cybercriminals.
The rise of Linux-specific viruses, malware, and ransomware is a direct result of its spread into the cloud and server world. Implementing strong security practices, keeping systems up to date, and considering antivirus can help protect Linux systems from these growing threats.
Remember that in an ever-changing computer world, no operating system is immune and proactive security is essential.