In 2022, threats are unlikely to slow down. If your network and security tools aren’t up to the task of protecting your organization now, it’s not going to be any better in 2022. If you’re still struggling to integrate and manage a collection of single purpose products, the resulting complexity and lack of visibility is likely to leave your organization at risk. Although no one can definitively predict the future, here are five up-and-coming threats we’re keeping an eye on at FortiGuard Labs.
1. Linux Attacks
Up until recently, Linux has been largely ignored by cybercriminals, but that’s changing. Because Linux runs the back-end systems of many networks and container-based solutions for IoT devices and mission-critical applications, it’s becoming a more popular target for attackers. At this point, attacks against Linux operating systems and applications running on those systems are as prevalent as attacks on Windows operating systems.
Many organizations are used to defending against Windows attacks, but aren’t accustomed to keeping up with Linux from a defensive and malware analysis standpoint in comparison to Windows. Even worse, Linux environments often have valuable data like Secure Socket Shell (SSH) credentials, certificates, applications usernames, and passwords.
A malicious implementation of the Beacon feature of Cobalt Strike called Vermilion Strike can target Linux systems with remote access capabilities without being detected. Now that Microsoft is actively integrating Windows Subsystem for Linux (WSL) into Windows 11, it’s inevitable that malware will follow. WSL is a compatibility layer that is used for running Linux binary executables natively on Windows. An increase in botnet malware is being written for Linux platforms as well. Log4J is also a good example of a recent attack where we are seeing Linux binaries capitalize on the opportunity.
2. Satellite Network Attacks
As connectivity using satellite internet increases, the likelihood of new exploits targeting these networks will increase correspondingly. At this point, about a half dozen major satellite internet providers are already in place. The biggest targets will be organizations that rely on satellite-based connectivity to support low-latency activities, like online gaming or delivering critical services to remote locations, as well as remote field offices, pipelines, or cruises and airlines. This will also expand the potential attack surface as organizations add satellite networks to connect previously off-grid systems, such as remote OT devices, to their interconnected networks.
3. Attacks Targeting Crypto Wallets
Crypto Wallets are a new risk as more malware designed to target stored information means attackers can steal credentials such as a bitcoin private key, bitcoin address, crypto wallet address and other significant information. They then can drain the digital wallet. Attacks often start as a phishing campaign that uses the classic strategy of attaching a malicious Microsoft Word document to a spam email. The malware is delivered by a Word document macro that is designed to steal crypto wallet information and credentials from the victims’ infected devices.
Along the same lines, a new fake Amazon gift card generator targets digital wallets by replacing the victim’s wallet with that of the attacker. And a new remote access trojan (RAT) called ElectroRAT targets cryptocurrency. It combines social engineering with custom cryptocurrency applications and has the ability to perform keylogging, take screenshots, upload and download files, and execute commands.
4. Attacks on OT Systems
Ransomware attacks are increasingly targeting critical infrastructure and the phrase “killware” has been used to describe some of these incidents. Although the attacks don’t necessarily target human lives directly, the term comes from the fact that malware that disrupts hospitals, pipelines, water treatment plants, and other critical infrastructure are different from regular exploits because of the direct impact they can have on people.
Cybercriminals may be moving away from smaller targets toward larger more public attacks that affect the physical world and a larger number of victims. The near-universal convergence of IT and operational technology (OT) networks has made it easier for attackers to access OT systems through compromised home networks and devices of remote workers. Adding to the risk is that fact that attackers no longer have to have specialized technical knowledge of ICS and SCADA systems because now they can buy attack kits on the dark web.
5. Attacks on the Edge
The increase in the number of people working remotely has exposed corporate networks to many of the threats to residential networks. The increase in network edges mean there are more places for “living off the land” type threats to hide. With this technique, attackers use malware made from existing toolsets and capabilities within compromised environments so their attacks and data exfiltration look like normal system activity. Living off the land attacks also may be combined with edge access trojans (EATs), so new attacks will live off the edge, not just the land. While avoiding detection, the malware located in these edge environments can use local resources to keep an eye on activities and data at the edge and then steal, hijack, or even ransom critical systems, applications, and information.
Protect Against Threats New and Old
To prepare for 2022, organizations should certainly make it a priority to harden both Linux and Windows-based systems. And when adopting new technology, organizations should always take a security-first approach, so before adding new connections such as satellite-based connectivity, make sure it’s protected. But you also need to keep in mind the fact that cybercriminals keep using tactics as long as they keep working. Along with preparing for new threats, you can’t forget about what’s already out there. Defending against both new and threats requires an integrated approach to security. To fight today’s evolving threats, organizations should look into a security platform based on a cybersecurity mesh architecture with security solutions that are designed to work together.
Learn more about upcoming cyber threat trends in the full Threat Predictions perspective from Fortinet’s FortiGuard Labs team.
Copyright © 2021 IDG Communications, Inc.