In 2017, there were about 25,000 pieces of malware targeting the Linux operating system (OS). Although the number of Linux vulnerabilities continues to increase, patches for them are not being applied in time. Countermeasures are urgently needed, as incidents like the Internet Nayana case and the paralysis of Atlanta can happen again.
A web-hosting company called Internet Nayana was hacked and infected with Linux ransomware on June 10 of last year, and it had to pay an enormous ransom of $1.17 million (1.3 billion KRW). Although more than a year has passed since 5,496 homepages were suspended when 153 servers hosted by Internet Nayana were infected with ransomware, South Korea remains indifferent to Linux security.
According to Korea Trend Micro, 25,895 pieces of Linux malware were reported last year. After the number of Linux malware reports rose sharply to 5,721 in June of last year, when the Internet Nayana incident took place, more than 1,000 were reported every month thereafter. Linux vulnerabilities are also reported continuously. According to the 1Q 2018 Cyber Threat Trending Report published by KISA (Korea Internet & Security Agency), there are 169 Linux OS vulnerabilities. Because patches are not being applied even as the number of vulnerabilities continues to increase, companies remain exposed to cyber threats.
According to Shodan, which searches for vulnerable systems, South Korea ranks 8th among the top 10 countries that have yet to patch ‘Heartbleed (CVE-2014-0160)’, the worst security vulnerability, which was found in April 2014. Although Linux servers have many vulnerabilities, updates are not applied in time because of availability concerns. Hackers can still target servers with known vulnerabilities, infect them with ransomware, and demand ransoms.

<Trend of Linux malware in 2017 (Reference: Trend Micro)>

More South Korean companies and organizations are using Linux servers, which have low operating costs and offer a high degree of freedom in applying technologies. Linux is widely used in many different fields such as production, manufacturing, and finance. More companies and organizations are expected to use Linux servers, as Linux is seen as a platform for IoT (Internet of Things), AI (Artificial Intelligence), Big Data, and Cloud. The number of cyber attacks has increased along with the number of companies and organizations that use Linux servers.
Although the amount of Linux malware continues to increase, security patches and antivirus software ("vaccines") for Linux servers are not being applied in time. Some companies and public organizations have installed open-source antivirus software on their Linux servers. They have introduced temporary measures without taking any systematic ones.
“The SamSam ransomware attack that paralyzed Atlanta in March can also happen to local governments in South Korea,” said President Park Sang-hyun of Korea Trend Micro. “Citizens can experience inconvenience, as cities can be paralyzed for more than a week just like Atlanta.”
“Rather than depending on outside network security when managing a large number of Linux servers with one data center, we need to install vaccines for Linux servers and host firewalls to prevent a second Nayana situation,” said President Park. “We also suggest virtual patches that patch up security without stopping the operation of servers.”
Staff Reporter Kim, Insoon