A new report from Intezer says a record number of new Linux malware families were discovered in 2020.
Intezer, US-based developer of a malware analytical platform, published a report according to which 2020 saw 56 new families of Linux malware. This is a 40% increase compared with 2019-2020.
Among the findings in the “X-Force Threat Intel Index” report is that, while in 2019, banking trojans and ransomware were the top “innovators,” in 2020 malware authors shifted their attention to Linux.
The number of Linux malware families discovered in 2020 was much higher than that in other threat types. The researchers saw an overall growth of 500% from 2010 to 2020.
Malware threatens cloud
Researchers explain this spike in Linux malware with the fact that Linux is the backbone of many business-critical cloud infrastructures and data warehouses.
We all know that in the wake of the COVID-19 pandemic, the global business accelerated took to the cloud.
Gartner survey found that nearly 70% of organizations already using cloud services today plan to increase their cloud spending. While overall, end-user spending on cloud services globally is forecast to grow to a total of $304.9 billion in 2021, an increase of 18.4%.
“With Linux currently powering 90% of cloud workloads and a 500% increase in Linux-related malware families in the past decade, cloud environments are becoming a prime target for threat actors,” writes Intezer.
Some top threat actors such as Carbanak, APT28, and APT29 have been shifting their focus to Linux and creating versions of their malware. Notorious RansomEXX and SFile came back in their Linux incarnations, too.
Another trend spotted by Intezer is that cybercriminals created 13% more of Linux cryptomining malware in 2020 than before. A big spike in attempts to maliciously obtain cryptocurrency took place around the time Bitcoin and other cryptocurrencies started to soar.
Malware written in Go lang
Finally, Intezer reported a 500% increase in Go-written malware. Most of it happened in the first six months of 2020. Both nation-state backed and non-nation state threat actors choose Go to develop cross-platform malware that targets both Windows and Linux systems.
Intezer predicts we likely will see more attacks from Go malware on cloud environments as more enterprises move to the cloud.