Cybercriminals will not slow down in 2022, and it will not be easier for companies and private users to defend themselves against their activities than it was last year. What deserves special attention?

{{s: 251727} Attacks on Linux

Until recently, Linux was out of interest for cybercriminals. However, this is starting to change. At the moment, attacks on this system and the applications running on it are as common as attacks on systems from the Windows family.

Check also:

This is a problem for many companies that are used to defending against attacks against Windows systems but have never looked at Linux from a malware protection standpoint. The severity of the situation is due to the fact that Linux environments often contain application credentials, certificates, usernames and passwords, says Derek Manke, head of security insights and global threat alliances at FortiGuard Labs, Fortinet.

Attacks on satellite networks

With the increase in the number of connections using satellite internet already offered by many providers, the potential for new exploits targeting these networks will also be greater. Companies that rely on satellite communication to eliminate data latency will be the main targets of attacks. This is important, for example, in online gaming, the provision of mission-critical services in remote locations, utilities, and the transportation industry. The interest of criminals in these areas means that the potential scope of the attack will increase again, as companies use satellite networks to connect previously unconnected systems, such as remote devices used in operational technology (OT) environments.

Attacks on cryptocurrency wallets

More and more types of malware are able to steal cryptocurrency wallet credentials, such as Bitcoin private keys, wallet addresses, and other vital information. These types of attacks are often launched by a phishing campaign that uses the classic social engineering tactics of attaching a malicious Microsoft Word document to an email message.

An example of a tool targeting cryptocurrency wallets is also a new remote access Trojan (RAT) called ElectroRAT. It combines social engineering with custom cryptocurrency applications, and provides keylogging (capturing characters typed using the keyboard), taking screenshots, uploading and downloading files, and executing commands.

Attacks on Industrial Systems and Infrastructure (OT)

Ransomware attacks are increasingly targeting critical infrastructure, and the term “killware” is used to describe the nature of some of these incidents. While these attacks do not necessarily pose an immediate threat to human life, the use of the term is valid because malware that disrupts hospitals and other critical infrastructure has a direct impact on people.

Cybercriminals carry out attacks on operational technology infrastructure in a way that has a significant impact on the physical world. The near-global convergence of IT and operational networks makes it easy for them to access critical systems through home networks and remote worker devices. An additional risk factor is the fact that criminals do not need specific technical knowledge of ICS and SCADA systems, as attack tools can be purchased from the Darkweb.

Attacks on the edge network infrastructure

The increase in the number of people working remotely has exposed corporate network infrastructure to many of the threats traditionally found in home networks. The greater expanse of the edge of the network infrastructure means that more places are created where “living off the ground” threats can be hidden. Criminals using this technique use malware based on pre-existing harmless toolkits, making their attacks appear as normal system activity. These types of attacks can also be combined with edge-reaching Trojans (EATs). Anti-detection malware in high-end environments can use local resources to monitor activities and data at the network edge and then steal or encrypt it and demand a ransom to regain access.

Protection from new and old threats

Companies should definitely prioritize strengthening security systems based on both Linux and Windows. When implementing new solutions, companies should be guided by safety in the first place. Before adding new types of connection, for example via satellite, make sure that they are adequately protected. It must also be remembered that cybercriminals use the chosen tactic as long as it brings benefits. Defending against new and known threats requires an integrated approach to security. In order to fight them, you need to use a protective platform that is designed in conjunction with its individual elements.