SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Cyber threats surge with rise in infostealers & Linux attacks

Tue, 22nd Jul 2025

Barracuda Networks researchers have reported a notable rise in cyber threats over the past month, with substantial increases in infostealer attacks, threats targeting Linux servers, and suspicious login attempts to AWS consoles.

Infostealer attacks

Barracuda's SOC threat analysts identified a 35% increase in detections related to infostealer malware, which is used to steal credentials, hijack sessions, conduct cyber espionage, and facilitate data exfiltration. Interpol recently took down 20,000 IP addresses linked to 69 infostealer variants.

The report outlined the primary methods through which infostealers are delivered.

Attack vectors include phishing emails urging users to click on malicious links or download infected attachments, drive-by downloads from websites, software exploits targeting unpatched vulnerabilities, and bundled software, especially pirated applications.

Specific signs pointing to infostealer activity within an organisation include sudden or unusual account activity, a surge in help desk requests linked to lost credentials, system slowdowns, and unexpected pop-ups or ads, which may signal malware presence.

"A robust endpoint security solution such as Barracuda Managed XDR Endpoint Security that can detect and block malware in real time is the best defence against infostealer malware."
"Enforce the use of multifactor authentication (MFA) to make it harder for attackers to breach accounts even if credentials are compromised. Implement security awareness training for employees on the latest phishing tactics and safe browsing. Implement advanced email security to detect and block phishing attempts before they reach users. Keep systems and software updated with the latest security patches. Prevent employees from downloading and installing pirated versions of applications to their work accounts."

Linux servers under threat

The report also indicated a 56% jump in attacks on Linux servers.

Among the reasons highlighted are a reported 3,300 new Linux vulnerabilities in 2025 alone, a 130% rise in the number of attacks over the previous year, and two critical vulnerabilities announced in June 2025. The widespread use of Linux systems for servers, cloud infrastructure, and IoT devices has contributed to these systems being frequently targeted.

Threats include malware such as ransomware, rootkits and backdoors; distributed denial of service (DDoS) attacks; exploitation of unpatched software flaws; and the hijacking of server resources for unauthorised cryptocurrency mining.

Indicators of compromise might include traffic spikes to unfamiliar IP addresses, abnormal account behaviour, system slowdowns, and configuration changes to critical files.

"Keep systems, including operating systems, and software updated with the latest security patches. Implement firewalls to restrict access to critical services and monitor incoming and outgoing traffic for suspicious activity."
"Enforce strong password and authentication policies, and consider using key-based authentication for SSH (a cryptographic protocol for secure remote login) access to reduce the risk of brute-force attacks. Implement a robust backup and recovery plan to limit the operational impact and quickly restore services following an incident. Deploy an extended detection and response (XDR) solution - ideally covering endpoints, servers and networks - as this features intrusion detection systems (IDS) that monitor activity and alert administrators to potential threats in real time."
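The SSH recommendation above is easy to get wrong in practice, because sshd keeps the first value it sees for a directive and anything after a Match line applies only to that block, so a "PasswordAuthentication no" added at the bottom of the file may never take effect. The following audit script is an added example, not code from Barracuda's report; the two sshd_config samples in it are constructed, and the OpenSSH defaults it assumes are those of current releases (8.7 and later directive names, with the older ChallengeResponseAuthentication alias handled).

```python
"""Audit the global section of an sshd_config for the password and
brute-force weaknesses the Linux recommendations call out.  Added example
with constructed sample configs; not code from the report."""
import re
import sys

# OpenSSH defaults used when a directive is absent (assumption: OpenSSH 8.7+
# names; the pre-8.7 alias ChallengeResponseAuthentication is mapped below).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "maxauthtries": "6",
}


def parse_global_directives(text):
    """Return {directive: first value} for directives before any Match block.

    sshd uses the FIRST value given for a directive and ignores later
    duplicates, and everything after a Match line is conditional, so the
    global audit stops there."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)   # "Key value" or "Key=value"
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        found.setdefault(key, value)                           # first value wins
    return found


def audit_sshd_config(text):
    """Return a list of (Directive, effective value, advice) for weak settings."""
    conf = parse_global_directives(text)
    if "kbdinteractiveauthentication" not in conf and "challengeresponseauthentication" in conf:
        conf["kbdinteractiveauthentication"] = conf["challengeresponseauthentication"]

    def effective(key):
        return conf.get(key, DEFAULTS[key]).lower()

    findings = []
    if effective("passwordauthentication") != "no":
        findings.append(("PasswordAuthentication", effective("passwordauthentication"),
                         "set to no; password logins are what SSH brute force targets"))
    if effective("kbdinteractiveauthentication") != "no":
        findings.append(("KbdInteractiveAuthentication", effective("kbdinteractiveauthentication"),
                         "set to no; PAM keyboard-interactive can still accept passwords"))
    if effective("pubkeyauthentication") != "yes":
        findings.append(("PubkeyAuthentication", effective("pubkeyauthentication"),
                         "set to yes so key-based login is available"))
    if effective("permitrootlogin") != "no":
        findings.append(("PermitRootLogin", effective("permitrootlogin"),
                         "set to no; log in as a named user and escalate with sudo"))
    tries = effective("maxauthtries")
    if not tries.isdigit() or int(tries) > 3:
        findings.append(("MaxAuthTries", tries,
                         "set to 3 or lower to cut the attempts one connection gets"))
    return findings


# Constructed sample: looks patched, but the first PasswordAuthentication
# value wins and the Match block only covers the deploy user.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 10
PasswordAuthentication no
Match User deploy
    PasswordAuthentication no
    KbdInteractiveAuthentication no
"""

# Constructed sample of the hardened form of the same settings.
HARDENED_CONFIG = """\
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
MaxAuthTries 3
"""

if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK_CONFIG
    for directive, value, advice in audit_sshd_config(source):
        print(f"{directive} = {value!r}: {advice}")
```

Run it as `python audit_sshd.py /etc/ssh/sshd_config` on a server, then confirm the result against `sshd -T`, which prints the configuration sshd actually applies after defaults, duplicates and included files are resolved.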

AWS login concerns

Analysts observed a 13% increase in suspicious login attempts to the AWS Management Console.

While smaller than the increases seen for other attack categories, these attempts present notable risks, including credential theft, brute-force attacks, phishing using social engineering, and potential account takeover. A successful breach could allow attackers to manipulate AWS resources, exfiltrate data, or use compromised accounts for additional attacks.

Warning signs include login attempts from unusual locations or IP addresses, a high number of failed logins, or sudden shifts in resource usage or account configurations.

"Enforce the use of strong passwords and multifactor authentication (MFA) to make it harder for attackers to breach accounts even if credentials are compromised. Implement security awareness training for employees on the latest phishing tactics and safe browsing. Continuously check for and correct misconfigurations in cloud service settings. Implement network segmentation, and restrict employees' access permissions to limit access to sensitive areas of the network. Deploy an XDR cloud security solution that will check regularly for unusual login activity and flag any suspicious events."
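The warning signs listed above map directly onto fields that CloudTrail records for every console sign-in (`eventName` ConsoleLogin, `sourceIPAddress`, `userIdentity`, `responseElements.ConsoleLogin` and `additionalEventData.MFAUsed`). The detection logic below is an added example, not code from Barracuda's report: it runs those checks over a handful of constructed CloudTrail events, and the "trusted" egress range it uses to decide what counts as an unfamiliar IP is an assumption for the demo.

```python
"""Flag suspicious AWS Management Console logins in CloudTrail records.
Added detection example over constructed events; the field names are the
real CloudTrail ConsoleLogin ones, the data and trusted ranges are not."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Assumption for the demo: the organisation's known office/VPN egress range.
TRUSTED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
FAIL_THRESHOLD = 5                   # failures from one IP that make a burst
FAIL_WINDOW = timedelta(minutes=10)  # sliding window for counting failures


def _when(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _is_trusted(ip, ranges):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:               # service principals show a hostname here
        return False
    return any(addr in net for net in ranges)


def analyse_console_logins(events, trusted_ranges=None):
    """Return alerts as (rule, source_ip, principal, eventTime) tuples."""
    trusted = TRUSTED_RANGES if trusted_ranges is None else trusted_ranges
    logins = sorted((e for e in events if e.get("eventName") == "ConsoleLogin"), key=_when)
    failures = defaultdict(list)     # source IP -> failure times inside the window
    bursts_seen = set()
    alerts = []
    for e in logins:
        ip, t = e["sourceIPAddress"], _when(e)
        who = e["userIdentity"].get("userName") or e["userIdentity"]["type"]
        recent = failures[ip] = [f for f in failures[ip] if t - f <= FAIL_WINDOW]
        if e.get("responseElements", {}).get("ConsoleLogin") != "Success":
            recent.append(t)
            if len(recent) >= FAIL_THRESHOLD and ip not in bursts_seen:
                alerts.append(("failed-login burst", ip, who, e["eventTime"]))
                bursts_seen.add(ip)
            continue
        # Checks that only apply to a successful sign-in.
        if e["userIdentity"]["type"] == "Root":
            alerts.append(("root console login", ip, who, e["eventTime"]))
        if e.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            alerts.append(("console login without MFA", ip, who, e["eventTime"]))
        if not _is_trusted(ip, trusted):
            alerts.append(("login from unfamiliar IP", ip, who, e["eventTime"]))
        if len(recent) >= 3:         # password guessing that eventually worked
            alerts.append(("success after repeated failures", ip, who, e["eventTime"]))
    return alerts


def _login(time, ip, identity, outcome, mfa="No"):
    """Build a minimal CloudTrail ConsoleLogin record (constructed sample)."""
    rec = {"eventName": "ConsoleLogin", "eventTime": time, "sourceIPAddress": ip,
           "userIdentity": identity, "responseElements": {"ConsoleLogin": outcome},
           "additionalEventData": {"MFAUsed": mfa, "LoginTo": "https://console.aws.amazon.com/"}}
    if outcome == "Failure":
        rec["errorMessage"] = "Failed authentication"
    return rec


BOB = {"type": "IAMUser", "userName": "bob"}
ALICE = {"type": "IAMUser", "userName": "alice"}
ROOT = {"type": "Root"}

# Constructed sample: five guesses at bob's password from 198.51.100.7, then a
# successful sign-in from the same address without MFA; alice and root from
# the trusted range with MFA; one unrelated API call to show the filtering.
SAMPLE_EVENTS = [
    {"eventName": "DescribeInstances", "eventTime": "2025-07-15T07:00:00Z",
     "sourceIPAddress": "203.0.113.10", "userIdentity": ALICE},
    _login("2025-07-15T07:30:00Z", "192.0.2.50", BOB, "Failure"),
    _login("2025-07-15T08:00:00Z", "198.51.100.7", BOB, "Failure"),
    _login("2025-07-15T08:00:20Z", "198.51.100.7", BOB, "Failure"),
    _login("2025-07-15T08:00:40Z", "198.51.100.7", BOB, "Failure"),
    _login("2025-07-15T08:01:00Z", "198.51.100.7", BOB, "Failure"),
    _login("2025-07-15T08:01:20Z", "198.51.100.7", BOB, "Failure"),
    _login("2025-07-15T08:02:00Z", "198.51.100.7", BOB, "Success", mfa="No"),
    _login("2025-07-15T08:05:00Z", "203.0.113.10", ALICE, "Success", mfa="Yes"),
    _login("2025-07-15T08:10:00Z", "203.0.113.10", ROOT, "Success", mfa="Yes"),
]

if __name__ == "__main__":
    for rule, ip, who, when in analyse_console_logins(SAMPLE_EVENTS):
        print(f"{when} {rule:32} {who:6} from {ip}")
```

On real data the events come from the CloudTrail log files in S3 or from a CloudTrail Lake query; the thresholds and the trusted ranges are the tuning points, and the "success after repeated failures" rule is the one worth paging on, since it is the signature of a guessed or stuffed credential rather than background noise.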

The report attributes these increases to a surge in cybercriminal activity targeting technological vulnerabilities and user awareness gaps, and outlines practical recommendations for organisations to reduce the risk of falling victim to such attacks.