Ransomware groups will increasingly target Linux servers and embedded systems. The finding comes from data recorded by Trend Micro Incorporated, which observed a double-digit year-on-year increase in attacks on these systems in the first half of 2022. The company blocked 63,000M threats in the first half of 2022, and there were 52% more threats in the first half of the year than in the same period of 2021. “New and emerging threat groups continue to evolve their business model, focusing their attacks with even greater precision. As such, it is essential that organizations get better at mapping, understanding and protecting their growing digital attack surface,” said Jon Clay, vice president of threat intelligence at Trend Micro.
In the first half of 2022, major players like LockBit and Conti were spotted with a 500% year-over-year increase. The threat-as-a-service model has generated significant benefits for its developers and affiliates. The most notable ransomware group in the first half of 2022 was Black Basta, which attacked 50 organizations in just two months. Many groups persist in the “big game” hunt for large companies, although SMEs are an increasingly popular target.
Trend Micro warns of a 75% increase in Linux ransomware attacks due to increased system adoption
One of the main attack vectors is the exploitation of vulnerabilities. Trend Micro’s Zero Day Initiative published advisories for 944 vulnerabilities in this period, an increase of 23% year over year. The number of published critical bug advisories soared 400% year over year.
For their part, APT groups continue to evolve their methods by employing an expansive infrastructure and combining multiple malware tools. Unpatched vulnerabilities add to a growing digital attack surface that many organizations are struggling to manage securely as the hybrid workplace expands their IT environments. More than two-fifths (43%) of global organizations believe it is “out of control”. Additionally, cloud visibility is especially important given the ongoing threat of third parties exploiting misconfigured environments and using novel techniques such as cloud-based cryptocurrency mining and cloud tunneling. The latter is frequently used by threat actors to route malware traffic or host phishing websites.