Why Linux Saw A Massive Rise In Malware Attacks Last Year

Linux malware infection has grown dramatically

Linux used to be considered fairly safe from malware. Few, if any, threat actors targeted the Unix-based operating system. That’s changing rapidly, though, as reports indicate malware for Linux increased by 35 percent in 2021, compared to the previous year.

Linux is commonly used for Internet of Things (IoT) devices. With more people adopting IoT in the form of their smart home devices, there’s a much broader target base than when Linux was just for hobbyists and servers.

According to one security blog, 2021 saw Linux devices attacked mainly by three malware families: XorDDoS, Mirai, and Mozi. These allow vulnerable Internet-connected devices to be gathered into botnets, which then perform distributed denial of service (DDoS) attacks to take down the bigger fish.

More Linux-based devices are being used in botnets

These three varieties of malware accounted for 22 percent of all Linux-based IoT malware in 2021. The Linux Trojan XorDDoS saw a 123 percent increase in samples compared to 2020. Mozi, for its part, grew 10 times more prevalent.

Finally, Mirai variants grew by as much as 83 percent in 2021. Mirai is considered the common ancestor for Sora (up 33 percent), IZIH9 (39 percent) and Rekai (the 83 percent increase).

Compromised Linux-based devices were mainly used for DDoS attacks, but malicious actors used the systems in another way as well. Often, the botnets are also used to mine cryptocurrency, a problem that isn’t likely to go away anytime soon.

CrowdStrike actually expects more than 30 million IoT devices to be connected to the Internet within three years. That’s a huge number of potential targets, highlighting a definite need to better secure our smart home technology.