Cybercriminals double exploitation of Linux vulnerabilities

0
69
Cybercriminals double exploitation of Linux vulnerabilities
Cybercriminals double exploitation of Linux vulnerabilities

Exploits are programs designed to leverage various vulnerabilities in cyberattacks.

In 2023, critical vulnerability registrations surged three times compared to the 2019–2022 average. Although there has been a slight decrease in 2024, the trend persists due to the increasing popularity of Linux systems, Kaspersky finds.

Exploits are programs designed to leverage various vulnerabilities in cyberattacks. The latest Kaspersky Security Network data reveals an increase in attacks with exploits against Linux users. The research indicates the peak was in Q4 2023, while the overall trend for growth is persisting in 2024, with an insignificant decline in Q1. In January–March 2024, there has been a nearly 130% increase in attacks on Linux users employing various exploits and vulnerabilities compared to the same period last year.

picture1 png

Share of Linux users, protected by Kaspersky solutions and facing vulnerability exploits in 2023-2024. Q1 2023 figures are 100%.

Linux is gaining traction in the desktop operating system market. According to Statcounter, its market share has grown, and the number of users has increased. “This trend quite accurately explains the growing threat landscape we witness for Linux. In the future, the number of exploits and attacks is likely to grow even more, underscoring the vital need for patch installation and having a reliable security solution,” says Alexander Kolesnikov, a security expert at Kaspersky. “The greatest value for exploit developers lies in vulnerabilities within software that grant control over a user’s system.”

Critical vulnerability registrations have risen over the last four years.

Kaspersky recorded a 65% increase in the number of registered CVEs (Common Vulnerabilities and Exposures) over the last four years, from 15,000 in 2019 to 25,000 in 2023. Moreover, during the last year, researchers and companies logged critical vulnerabilities three times more frequently than the research period average. The annual average of critical vulnerability registrations from 2019 to 2022 was 413, which spiked to the absolute number of registrations of 1213 in 2023.

picture2 jpg

New CVEs with the share of critical vulnerabilities, 2019-2023. Source: cve.mitre.org

To ensure corporate cybersecurity, companies are recommended to follow this advice:

  • Thoroughly understand your infrastructure and closely monitor its assets, with particular focus on the perimeter.
  • Implement a patch management process to detect vulnerable software within the infrastructure and promptly install security patches. Solutions like Kaspersky Next and Kaspersky Vulnerability Data Feed can assist in this regard.
  • Conduct regular security assessments to identify and patch vulnerabilities before they become an entry point for an attacker.
  • To protect the company against a wide range of threats, use solutions from the Kaspersky Next product line that provide real-time protection, threat visibility, and the and the investigation and response capabilities of EDR and XDR for organizations of any size and industry. Depending on your current needs and available resources, you can choose the most relevant product tier and easily migrate to another one if your cybersecurity requirements change.

Also readUnveiling the Ethical Imperatives: Navigating the Intersection of AI and Cybersecurity

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter 

About us:

CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.

CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.