In 2022, Ransomware is still a big issue in 2022 at least according to Fortinet, a global leader in broad. Integrated, and automated cybersecurity solutions.
Fortinet’s threat intelligence from the second half of 2021 reveals an increase in the automation and speed of attacks demonstrating more advanced persistent cybercrime strategies that are more destructive and unpredictable.
To protect against this broad scope of threats, organizations need to implement AI-powered prevention, detection, and response strategies based on a cybersecurity mesh architecture allowing for much tighter integration, increased automation, as well as a more rapid, co-ordinated, and effective response to threats the extended network.
“Cybersecurity is a fast-moving and dynamic industry, but recent threat events show unparalleled speeds at which cyber adversaries are developing and executing attacks today. New and evolving attack techniques span the entire kill chain but especially in the weaponization phase, showing an evolution to a more advanced persistent cybercrime strategy that is more destructive and unpredictable,” said Derek Manky, Chief, Security Insights & Global Threat Alliances, Fortiguard Labs.
Log4j Demonstrates Dramatic Speed of Exploit Organizations Face
The Log4j vulnerabilities that occurred in late 2021 demonstrate the rapidly increasing speed of exploit that cybercriminals are attempting to leverage to their advantage. Despite emerging in the second week of December, exploitation activity escalated quickly enough, in less than a month, to make it the most prevalent IPS detection of the entire second half of 2021.
In addition, Log4j had nearly 50x the activity volume in comparison to the well-known outbreak, ProxyLogon, that happened earlier in 2021. The reality is that organizations have very little time to react or patch today given the speeds that cyber adversaries are employing to maximize fresh opportunities. Organizations need AI and ML-powered intrusion prevention systems (IPS), aggressive patch management strategies, and the threat intelligence visibility to prioritize those threats propagating most quickly in the wild to reduce overall risk.
Adversaries Rapidly Targeting New Vectors Across the Attack Surface
Some lesser or low-lying threats have the potential to cause bigger problems in the future and are worthy of watching. An example is newly crafted malware designed to exploit Linux systems, often in the form of executable and linkable format (ELF) binaries. Linux runs the back-end systems of many networks and container-based solutions for IoT devices and mission-critical applications, and it is becoming a more popular target for attackers. In fact, the rate of new Linux malware signatures in Q4 quadrupled that of Q1 2021 with ELF variant Muhstik, RedXOR malware, and even Log4j being examples of threats targeting Linux. The prevalence of ELF and other Linux malware detections doubled during 2021. This growth in variants and volume suggests that Linux malware is increasingly part of adversaries’ arsenal. Linux needs to be secured, monitored and managed as any other endpoint in the network with advanced and automated endpoint protection, detection and response. In addition, security hygiene should be prioritized to provide active threat protection for systems that may be affected by low-lying threats.
Botnet Trends Show a More Sophisticated Evolution of Attack Methods
Threat trends demonstrate that botnets are evolving to adopt newer and more evolved cybercriminal attack techniques. Instead of being primarily monolithic and focused mostly on DDoS attacks, botnets are now multipurpose attack vehicles leveraging a variety of more sophisticated attack techniques, including ransomware. For example, threat actors, including operators of botnets like Mirai, integrated exploits for the Log4j vulnerability into their attack kits. Also, botnet activity was tracked associated with a new variant of the RedXOR malware, which targets Linux systems for data exfiltration. Detections of botnets delivering a variant of RedLine Stealer malware also surged in early October morphing to find new targets using a COVID-themed file. To protect networks and applications, organizations must implement zero trust access solutions to provide least access privileges especially to secure IoT endpoints and devices entering the network as well as automated detection and response capabilities to monitor anomalous behavior.
Fortinet are part of the Cloud and Security Summit and will talk more about ransomware in 2022. To be part of the event register here.