Sure, it’s from the 1980’s, but gee it’s very interesting: https://www.nsa.gov/about/_files/cryptologic_heritage/center_crypt_history/publications/learning_from_the_enemy_the_gunman_project.pdf
80%. Really. And here are the reasons they gave: Linux servers are preferred by budget cloud hosting providers for their low cost (free) and flexibility. These providers do not provide security services and largely cater to amateur web enthusiasts. Linux servers are undefended. Linux administrators and server operators have the perception that Linux is immune […]
Cite: https://blog.malwarebytes.org/malvertising-2/2015/10/angler-exploit-kit-blasts-daily-mail-visitors-via-malvertising/ And, it was being displayed on the home page of the site. Affected users were exposed to the Angler Exploit Kit and from there Cryptowall ransomware.
Cite: https://nakedsecurity.sophos.com/2015/10/08/the-malicious-side-of-online-ads-how-unpatched-servers-hurt-us-all/ It’s hard to believe that an ad server could remain unpatched for *two years*. Laziness, pure and simple.