Cybercriminals double exploitation of Linux vulnerabilities
The number of attacks with exploits increased by the end of 2023–2024, compared to the beginning of the last year, Kaspersky finds. Although there has been a slight decrease in 2024, the trend persists due increasing popularity of Linux systems. In 2023, critical vulnerability registrations surged 3 times compared to 2019-2022 average.
Exploits are programs designed to leverage various vulnerabilities in cyberattacks. Latest Kaspersky Security Network data reveals an increase in attacks with exploits against Linux users. The research indicates the peak was in Q4 2023, while overall trend for growth is persisting in 2024, with an insignificant decline in Q1. In January-March 2024, there has been a nearly 130 percent increase in attacks on Linux users employing various exploits and vulnerabilities compared to the same period last year.
Share of Linux users, protected by Kaspersky solutions and facing vulnerability exploits in 2023-2024. Q1 2023 figures are 100%.
Linux is gaining traction the desktop operating system market. According to Statcounter, its market share has grown, and the number of users increased. “This trend quite accurately explains the growing threat landscape we witness for Linux. In the future, the number of exploits and attacks is likely to grow even more, underscoring the vital need for installation of patches and having a reliable security solution,” says Alexander Kolesnikov, a security expert at Kaspersky. “The greatest value for exploit developers lies in vulnerabilities within software that grant control over a user’s system.”.
Critical vulnerability registrations rise over the last four years
Kaspersky recorded a 65 percent increase in the number of registered CVEs (Common Vulnerabilities and Exposures) over the last four years, from 15,000 in 2019 to 25,000 in 2023. Moreover, during the last year, researchers and companies logged critical vulnerabilities three times more frequently than the research period average. The annual average of critical vulnerabilities registrations from 2019 to 2022 was 413, which spiked to the absolute number of registrations of 1213 in 2023.
New CVEs with the share of critical vulnerabilities, 2019-2023. Source: cve.mitre.org
Learn more on Securelist. To ensure corporate cybersecurity, companies are recommended to follow this advice:
- Thoroughly understand your infrastructure and closely monitor its assets, with particular focus on the perimeter.
- Implement a Patch Management process to detect vulnerable software within the infrastructure and promptly install security patches. Solutions like Kaspersky Endpoint Security and Kaspersky Vulnerability Data Feed can assist in this regard.
- Conduct regular security assessments to identify and patch vulnerabilities before they become an entry point for an attacker.
- To protect the company against a wide range of threats, use solutions from Kaspersky Next product line that provide real-time protection, threat visibility, investigation and response capabilities of EDR and XDR for organizations of any size and industry. Depending on your current needs and available resources, you can choose the most relevant product tier and easily migrate to another one if your cybersecurity requirements are changing.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
Cybercriminals double exploitation of Linux vulnerabilities
Kaspersky
Related Articles Press Releases
Kaspersky releases ESG report for H2 2022-2023
In its new Sustainability report for H2 2022 and 2023, Kaspersky reveals the key results of the company’s sustainable development initiatives and projects in the respective period. The report encompasses five strategic areas identified as the company's ESG priorities: namely safer cyberworld, future tech, safer planet, people empowerment, and ethics and transparency.Read More >Kaspersky’s award-winning Security Awareness now offered on-premises
A large number of companies around the world have introduced strict security policies that do not allow cloud cybersecurity training solutions due to their infrastructure, regulation and compliance, or levels of confidentiality. To help these customers enhance the cybersecurity skills of their employees, Kaspersky has introduced an on-premises model of its award-winning Kaspersky Automated Security Awareness Platform (ASAP). With the power to operate without the use of the internet, the platform offers companies full control over their data and infrastructure.Read More >Longest cyberattacks: experts highlight trusted relationships as key vector
In 2023, more than 1/5 of cyberattacks persisted for over a month, the annual Kaspersky Incident Response 2023 report has revealed, with trusted relationships emerging as one of the main attack vectors in these prolonged cases. The report draws on the results of Kaspersky's cyberattack investigations throughout the year, gathered when supporting organizations seeking incident response assistance or when hosting expert events for their internal incident response teams.Read More >
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.