Ransomware Report: Hijackers Eyeing Linux Servers, Embedded Systems

Expect ransomware groups to zero in on Linux servers and embedded systems in the coming years, building on a double-digit year-over-year bump on these targets in the first half of 2022, security software provider Trend Micro said in its Midyear Roundup Report.

Here are five key findings from Trend Micro's data:

  1. Trend Micro blocked 63 billion threats in 1H 2022, 52% more than in the same period in 2021.
  2. Government, manufacturing and healthcare are the top three sectors targeted with malware.
  3. Detection of attacks from ransomware-as-a-service surged in the first half of 2022.
  4. Detections of major players like LockBit and Conti rose 500% YoY and nearly doubled in six months, respectively.
  5. The ransomware-as-a-service model has generated significant profits for ransomware developers and their affiliates.

Research Findings: Ransomware and Threat Actor Attack Trends

And seven notable trends:

  1. The most notable of the new ransomware groups is Black Basta. The group has hit 50 organizations in just two months.
  2. While big targets are still favored, SMBs are an increasingly popular target.
  3. One of the primary attack vectors for ransomware is vulnerability exploitation. Trend Micro's Zero Day Initiative published advisories on 944 vulnerabilities in the period, a 23% YoY increase.
  4. The number of critical bug advisories published soared by 400% YoY.
  5. Threat actors are increasingly integrating Emotet as part of their elaborate cybercrime operations.
  6. Unpatched vulnerabilities add to a growing digital attack surface many organizations are struggling to manage securely as the hybrid workplace expands their IT environment. Over two-fifths (43%) of global organizations believe it is "spiraling out of control."
  7. Third parties exploiting misconfigured environments and using novel techniques like cloud-based crypto mining and cloud tunneling make cloud visibility all the more important.

Hackers Improve Attack Precision

New and emerging threat groups are directing their attacks with even greater precision, said Jon Clay, Trend Micro threat intelligence vice president. “That's why it's essential that organizations get better at mapping, understanding, and protecting their expanding digital attack surface,” he said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.