Cyberattackers increasingly focused on Linux servers and Internet of Things (IoT) devices in the first quarter of 2017, according to a new report from unified threat management (UTM) and firewall hardware provider WatchGuard Technologies.
The WatchGuard "Internet Security Report," which anonymized Firebox Feed data from more than 26,500 active WatchGuard UTM appliances worldwide, indicated Linux malware represented 36 percent of the top malware detected in Q1 2017.
In addition, three of the top 10 malware samples in Q1 2017 targeted Linux, WatchGuard noted.
The key takeaway for channel partners and managed security services providers (MSSPs): Quite a few security companies, particularly in the SMB sector, still lean heavily toward Windows and macOS protection. But Linux needs protective managed services, too.
Linux Malware: A Closer Look
The WatchGuard report showed the following types of Linux malware dominated the internet security landscape in Q1 2017:
- Linux/Exploit: General detection rule that enables cyberattackers to execute various Linux Trojans.
- Linux/Downloader: A signature that detects common Linux dropper or downloader shell scripts.
- Linux/Flooder: A signature that catches Linux-based distributed denial of service (DDoS) tools.
Linux attacks and malware are on the rise, WatchGuard pointed out.
As such, owners of Linux-based devices should ensure they properly secure their systems against external attacks, WatchGuard stated.
"Blocking inbound Telnet and SSH, along with using complex administrative passwords, can prevent the vast majority of potential (Linux) attacks," WatchGuard noted in its report.
Internet Security Trends and Recommendations
The WatchGuard report highlighted several internet security trends, including:
- Legacy antivirus (AV) solutions continue to miss new malware. The number of new or zero-day malware that evades traditional AV solutions is increasing. This illustrates the weaknesses of signature-based malware detection solutions against advanced persistent threats (APT), according to WatchGuard.
- The cybersecurity battleground is moving toward web servers. Organizations must improve their web server defenses by limiting resource exposure, patching server software and improving their permissions policies, WatchGuard stated.
- Network attacks are increasing. The number of network attacks rose 37 percent in Q1 2017 on a quarter-over-quarter basis.
WatchGuard offered the following recommendations to help organizations combat internet security threats:
- Use basic security policies. An organization that follows basic security practices such as setting up firewalls for their IoT devices and patching their software frequently can block internet security threats.
- Develop a layered security strategy. A suite of security services that includes anti-malware, intrusion prevention and IP and URL filtering offerings can play an important role in an organization's layered security strategy.
- Segment IoT devices. An organization that segments its IoT devices can limit the impact of a cyberattack to a single device.
- Leverage an advanced malware prevention solution. With an advanced malware prevention solution, an organization can take a proactive approach to internet security threat detection and response.
Consumers and businesses constantly face network attacks, phishing and malware, WatchGuard stated in its report.
However, a vigilant approach to internet security enables an organization to defend itself against internet security threats, WatchGuard indicated.