The malware ecosystem is a complex environment. Criminals must acquire victims, develop scams and figure out the most effective way to turn that activity into cash. Most Internet crimes are opportunistic, meaning that online attacks are best operated as a high-volume business.
The keys to profitability are the ability to exploit a high percentage of potential victims, being able to cast a wide net to gather said victims, and some sort of payload that can steal information or extort money from a victim.
In research conducted in February 2015 at SophosLabs in Vancouver, Canada, we found that Linux machines represented approximately 80% of the 178,635 newly malicious websites discovered by Sophos during that week. This compares to approximately 73% of all websites being served by non-Windows servers.
Why should this be the case? What leads Linux to be such an integral part of malware distribution?
Linux is widely considered to provide a higher level of security than traditional operating systems.
As a result, security tools such as anti-virus software are often ignored on the Linux platform.
However, Linux is increasingly popular with attackers, because Linux systems are often used for critical roles such as developer workstations, web servers and internal file servers.
A new study from the Centre for Economics and Business Research (CEBR) has found that data breaches are costing UK businesses £34 billion a year. The report suggests this is made up of £18 billion in lost revenue and £16 billion in added security measures after breaches have occurred.
It’s the same the world over. According to a 2015 Ponemon Institute study commissioned by IBM, the global average cost of a data breach to an organization has reached $3.8 million – on average, $154 for every single compromised record. It’s significantly higher in the US and Germany, where the costs are $217 and $211 per compromised record, respectively. These are quite staggering figures.
Now, it’s not uncommon for companies that sell cybersecurity services, like IBM and Sophos, to talk big numbers like this. After all, clearly we think it’s good to see businesses are investing in doing something about this problem. But you do have to wonder if those billions are being spent effectively. As leaders in the security industry, we have a crucial role to play to ensure they are. We need to deal with the growing complexity of threats without introducing more complex solutions and more cost.
Recently we asked a bunch of IT professionals if they install antivirus on their servers. Their answers were quite surprising.
Out of 486 IT professionals we surveyed, only 284 (58%) said they run antivirus on both Windows and Linux servers.
The rest said they either don’t bother with antivirus on Linux servers (34%), or don’t run antivirus on any servers at all (8%).
If you couldn’t make it to San Francisco for RSA Conference, we’re bringing you great content and news from the event on our blogs and social media channels.
We also broadcast from RSA via podcast – bringing you the expert opinions of our top security gurus, who took time away from their presentations and booth talks to reflect on the interesting themes and serious discussions happening at the conference.
There’s so much going on in the security world, and Sophos experts cut through the noise succinctly and intelligently in our (brief, informative, fun) podcasts.
We are well into the 21st century, but it is astonishing how people can still believe that Linux-based operating systems are completely secure. Indeed, “Linux” and “security” are two words that you rarely see together.
Just as some people believe Macs are immune to viruses, some Linux users have the same misconception – and who can blame them? After all, vendors have been telling them that for years.
In 2012, after an exponential rise of OS X malware (such as MacDefender and Flashback), Apple decided to change its homepage by removing sentences like “It doesn’t get PC viruses.”
In the last couple of days, a widespread Linux vulnerability known as GHOST has been receiving a lot of attention in the security community. In theory, this vulnerability can allow an attacker to remotely execute code on a Linux computer. There is already proof-of-concept code that puts this theory into practice, and it is expected that real-world attacks are just around the corner.
The Sophos product teams have been thoroughly investigating to determine which of our products are affected and what is necessary to address those that are.