Not long ago, the term “Linux protection” was closer to an oxymoron than a strategy. For security teams and vendors alike, Linux systems were seen as being either immune to cyber threats or not something threat actors targeted.
This made sense. After all, Linux is open source, and, compared to Windows, its codebase is tiny. Also, thanks to a dedicated fanbase, thousands of eyes are supposed to be constantly finding and removing bugs in every flavor of Linux distribution. All great reasons to put Linux server security at the bottom of any to-do list.
Unfortunately, the perception that these features make Linux nearly invulnerable has proven false. Ransomware may not have been a primary concern a few years ago, but today there are at least nine major ransomware families targeting Linux systems, including Linux versions of REvil, DarkSide, BlackMatter, and Defray777. Cryptojacking is also on the rise, and 89 percent of Linux cryptominers now use XMRig-related libraries for the Monero cryptocurrency. With 13 million detected attacks on Linux systems in the first half of 2021 alone, the idea that Linux systems are not a target for cybercriminals is simply no longer true.
The Linux Threat Environment Is Extremely Hostile