3 Ways to Help Customers Defend Against Linux-Based Cyberattacks


Linux operating systems power more than 90% of the world’s public cloud workload, from government web servers to smart manufacturing technologies. But as organizations continue to shift operations to the cloud, cybercriminals are following suit and directing their attention to Linux-based cyberattacks.

Author: Scott Barlow, global VP of MSP and cloud alliances, Sophos

With a reputation for providing more robust security than rival operating systems, Linux can give users a false sense of security. Consequently, IT and security teams often deprioritize security measures that prevent cybercriminals from gaining unauthorized network access. The simple reality is that no operating system is bulletproof, which is evident when you look at the 650% increase in malware targeting Linux in H1 2022 compared to the previous year.

So, to effectively defend customers’ cloud environments against sophisticated attackers, managed service providers (MSPs) need to stay current in best security practices for Linux and guide customers through the deployment of end-to-end security measures.

What makes Linux such an attractive target?

Organizations across industries rely on Linux operating systems to run mission-critical applications, web servers and cloud infrastructure. In recent years, many businesses have also adopted “smart” technologies that run on Linux, including countless Internet of Things (IoT) devices. But many of the servers and network devices powered by Linux face external networks and handle high volumes of traffic, creating a larger attack surface and more opportunities for bad actors to gain access.

Additionally, the inherent sense of security associated with Linux causes IT and security teams to put critical measures like patching and resolving misconfigurations on the back burner. This is a mistake because, as with any operating system, an improperly configured Linux system can expose vulnerabilities and security gaps.

Combined, these factors make Linux an enticing target for attackers. More organizations operate in Linux-based cloud environments than ever before, and the deprioritization of security measures leaves fewer hoops for cybercriminals to jump through to gain access. So, it’s no surprise that adversaries developed nearly 1.7 million new malware programs targeting Linux in H1 2022 alone.

How to protect customers’ Linux-based operations against growing threats

Linux security should be top of mind for MSPs, from initial deployment to ongoing maintenance. Whether you act as a consultant, help monitor for threats or are in charge of security operations, you play an important role in defending customers against Linux-based cyberattacks.

With that in mind, here are three tactics you need to include in your toolkit:

  • Help customers select a Linux distribution that suits their needs. Since Linux is an open-source operating system, many versions (or distributions) exist. Which one you choose matters, because each distribution serves a different purpose, requires different hardware resources and ships with different security features. For example, distributions like BackBox Linux and Kali Linux are purpose-built for penetration testing, while a general-purpose distribution such as Ubuntu is better suited to hosting web servers.
  • Dedicate time to planning before deployment. Many organizations lack the resources and knowledge needed to deploy and maintain Linux. This provides an opportunity for you to step in and offer your expertise because you have to know an operating system like the back of your hand to ensure it is secure.

Attacks on Linux often stem from misconfigurations and poor administration, which means security must be a top priority when planning for and deploying the operating system. As you help customers prepare for a Linux deployment, consider access controls and plans for system backups, and determine how frequently you will update the system. You should also identify which security functions you can automate for faster threat detection.

  • Implement proactive cybersecurity measures and tools. As with any operating system, proactive security measures are critical in protecting Linux-based operations against cyberthreats. Encourage customers to follow several best practices:
    • Create strong passwords and use a password manager
    • Implement multi-factor authentication
    • Authenticate users with cryptographic keys
    • Avoid a single point of failure
    • Automate endpoint detection and response
    • Lean on patch management systems for routine patching

In addition to maintaining cybersecurity hygiene, you can help customers determine which protection tools are the right fit for their distribution and business needs. In many cases, customers will require additional threat hunting services to monitor and respond to threats once these tools are installed.

The most important thing you can do is to act now. Don’t wait until your customers are under siege by cybercriminals to help secure their operations. While downtime from deploying protective measures may feel inconvenient at first, remember that you’ll incur much more downtime trying to recover from a data breach than you would implementing proactive security measures in the first place.

Scott Barlow is VP, Global MSP & Cloud Alliances, at Sophos. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.