Linux malware rates set records amid hacker inconsistency

After rising and falling since 2021, new Linux malware hit record highs at the end of 2022, growing 117% from previous levels.

While Linux malware reached unprecedented numbers in 2022, the total number of new malware developments on other major computing platforms declined.

Linux is considered to be one of the safest operating systems. But the roller coaster ride of detected incidents since 2021 shows that it’s not immune to malware.

Malware attacks on Linux are not new. What is changing, however, is the focus cybercriminals are now putting on Linux in business and industry. Linux malware has become more prevalent in recent years as more and more devices and servers run on Linux operating systems.


The new malware numbers, based on an analysis by Atlas VPN researchers, show that the Linux threat landscape is evolving, the report’s authors warned. It shows that attackers are increasingly seeing Linux as another worthwhile target.

“Linux users need to be aware of the growing risks as prioritizing system security is more important than ever,” they concluded.

Report Details

New Linux malware threats hit record numbers in 2022, up 50% to 1.9 million, according to a data analysis released by the Atlas VPN team on Jan. 18.

Compared to 2021, when 121.6 million samples were detected, the total number of new malware samples dropped by 39% to 73.7 million in 2022. Most new Linux malware samples (854,690) were seen in the first quarter of 2022. But in the second quarter, new malware samples fell nearly 3% to 833,065.

Those Linux detection numbers fell again by a staggering 91% to 75,841 in the third quarter of last year. However, they picked up again in the fourth quarter of 2022, growing 117% to 164,697.

The Linux malware analysis is based on threat statistics from AV-Atlas, a threat intelligence platform from AV-Test GmbH, an independent research institute for IT security in Germany.

Malware by the Numbers

The research shows that malware is declining across all computing platforms. But despite the decrease in detected new incidents, malware attacks on the Linux operating system increased drastically.

The Android platform saw the largest drop in newly written malware, down 68%. It fell from 3.4 million in 2021 to 1.1 million in 2022.

Although Microsoft Windows is the most targeted operating system, it had the second-largest reduction in new malware threats, with a 40% decrease. It went from 116.95 million malware detections in 2021 to 70.7 million last year.

New malware detections on the macOS platform fell 26% from 17,061 in 2021 to 12,584 in 2022.

Taking all factors into account, Linux is still a highly secure operating system, according to the analysis report. The researchers attributed this assessment to the constant scrutiny by the tech community that Linux and its open-source software allow.

This “many eyes” philosophy leads to fewer exploitable vulnerabilities. In addition, Linux restricts the administrative rights for users.

Cyber vigilance recommended for all users

Although much of the business use of Linux in enterprises involves cloud computing and servers, another recent report warns that consumers in general are facing new threats from new technologies on all computing platforms.

A just-released ReasonLabs report, The State of Consumer Cybersecurity 2023, cites growing concern about new threats emerging from new technologies such as virtual or mixed reality.


“To protect themselves and their families from both existing and emerging threats, home users should educate themselves about potential threats and consider cyber protection solutions such as next-gen antivirus software, a VPN, a DNS filter, and parental control apps on their digital devices,” said Kobi Kalif, CEO and co-founder of ReasonLabs.

As organizations improve their cybersecurity practices, attackers are increasingly focusing on home users, according to ReasonLabs. The proliferation of remote and hybrid work has made it easier for attackers to access corporate networks through employees’ home networks.

Why Linux malware attacks are shifting

Linux malware first appeared in 1996 as a simple virus. Attackers attempted to gain root access by appending code to running executables.

This early attempt failed to spread. In some cases, IT and system administrators have been able to quickly patch their Linux installations to protect them from malware attacks.

Hackers focused on loading malware onto computer systems that were more accessible to their rogue code. That is no longer the case.

Today, attackers see Linux servers as a valuable target for a higher return on investment. According to cybersecurity experts, Linux malware has become more complex and dangerous in the last two years.

Now the cadre of malware targeting Linux systems includes tools like Cloud Snooper, EvilGnome, HiddenWasp, QNAPCrypt, GonnaCry, FBOT and Tycoon.


It’s not surprising that Linux-related malware attacks have experienced erratic rates, said Mark N. Vena, CEO and principal analyst at SmartTech Research.

“While Linux does have a reputation for withstanding malware attacks, the fact is attackers have limited resources and are more likely to primarily target Windows, macOS, and smartphones [iOS/Android] because there’s a lot more upside from a pure volume standpoint,” Vena told LinuxInsider.

At the market level, he acknowledged that the Atlas VPN report also indicated that malware attacks had decreased on most platforms, especially Windows.

“It’s a sign that companies using Windows are doing a much better job of integrating VPN and security solutions that successfully mitigate some of these requests,” Vena said.