cybersecurity

Once upon a time, it was accepted practice to run a Linux machine (or a Mac for that matter!) without Endpoint Protection

The general consensus was that the majority of endpoint out there were some variant of a Windows Device and.. well forgive me Microsoft, but they were easy targets. There was nothing of interest or value kept on a Linux box.... or so the story goes.

If you were putting something like ClamAV on your Linux box, it was simply due diligence to protect Windows File Shares on the Samba service.

But over the past 5-6 years, a couple things have happened.

First, Microsoft woke up and started adopting security practices right into their Operating Systems and Applications. Up until recently, Microsoft took a back seat to Endpoint Protection vendors like Symantec, McAfee, Trend, Kaspersky, etc... No more. The Windows Defender product is a powerhouse unto itself! Windows machines are not by default as easy a terget as they used to be.

Second, the world started the move towards cloud based infrastructure with virtualized servers. The majority of which are Linux. The two largest cloud providers, Amazon AWS and Microsoft Azure (cough) are almost completely linux.

Amazon's AWS Cloud service:

On Amazon EC2, standard Linux (along with its various distros) controls 92 percent of the market. It boasts more than 350,000 individual instances. Again, Windows is responsible for the other eight percent.

https://www.makeuseof.com/tag/linux-market-share/

Microsoft's Azure Cloud service:

Microsoft developer reveals Linux is now more used on Azure than Windows Server. Linux rules all the clouds now, including Microsoft's own Azure.

https://www.zdnet.com/article/microsoft-developer-reveals-linux-is-now-more-used-on-azure-than-windows-server/

Linux now runs the backbone of almost every large corporate cloud initiative.

Intellectual property, Client data, Personal Credit and Health data are all processed by the petabyte daily in Linux servers... So the threats have started showing up in droves.

An infected directory showing files with a ".lilocked" extension. Image via FOSSBytes June 2017 saw "Erebus ransomware" encrypted 153 Linux server in South Korea.

Also In 2017, we saw "Killdisk ransomware" in the Ukraine.

In July 2019, Linux Ransomware started showing up in cloud hosted environments.

Lilu or Lilocked as it's called, targets specific file types (like HTML, PHP, and image files) and alters their file extension to ".lilocked." The ransomware also leaves a note instructing affected users to access an Onion site and pay either 0.03 BTC or US $325 to decrypt file affected files.

And also in 2019 QNAPCrypt come on the scene to specifically target Linux NAS servers.

It's no longer an issue of due dilligence.

If you run a Linux machine, server or workstation, you are succeptible to the same threats your friends are on their Windows boxes.

Below are some of the current options to help protect your Linux workhorse:

First up: The surprise of surprises!

Microsoft Defender ATP for Linux

Following on the heels of Microsoft ATP for Mac,

Microsoft Defender ATP for Linux public preview is now open!

In this initial release, they offer preventive capabilities for Linux servers. This includes a full command line experience to configure and manage the agent, initiate scans, and manage threats.