Hunting rifle targeting of malware is the infosec fear of 2022: Sophos • The Register

Future malware and ransomware infections will consist of “shotgun attacks with precise targeting,” according to the Sophos Threat Report 2022.

As if that weren’t enough, the UK infosec biz believes that established commodity malware will increasingly be used to deliver ransomware, while the extortion tactics used by ransomware gangs will become more diverse and more intense – all with the aim of pressuring victims into handing over money.

“Ransomware thrives on its ability to adapt and innovate,” Sophos senior researcher Chester Wisniewski said in a statement. “For example, while RaaS offerings aren’t new, in previous years their primary contribution was to put ransomware within reach of less skilled or less well-funded attackers.”

The near-ubiquitous cyber threat recently made headlines, following US rewards totaling millions of dollars for information leading to the arrest and conviction of members of some high-profile ransomware gangs. In addition, police forces in many countries – notably Ukraine – have arrested people suspected of belonging to such gangs.

Ransomware aside, Sophos said 2022 would see re-runs of the ProxyLogon and ProxyShell attacks, in which vulnerabilities in widely used IT products and services are attacked almost immediately by criminals and nation states. The company expects to see “growth in [criminal] interest in Linux-based systems in 2022, both in the cloud and on web and virtual servers.”

Targeted shotgun attacks, as Sophos described them, may also increase. The company used the Gootloader attacks as an example, highlighting how criminals pushed malicious websites to the top of Google search results. Visitors who clicked on these malicious links were then filtered: anyone not running certain combinations of operating system and browser was excluded from receiving the payload.

“SophosLabs believe this may represent a new way for malware distributors to thwart malware researchers while giving themselves greater certainty that their malware is going to a subset of victims who may be more desirable than the general population,” the company concluded.

Anti-analysis techniques in themselves are not new: in September, Kaspersky highlighted how FinFisher spyware incorporated multiple techniques intended to frustrate researchers examining how the malware worked. Sophos, however, pointed out that in some of the email spam campaigns it observed, the only lure was a phone number; human telephone operators then “perform a kind of psychological profiling on the caller, in order to determine if they are likely to be a real victim”.

Linux and virtualized systems could also be at greater risk in 2022, according to Sophos, with the firm warning: “Ransomware we encountered in 2021 targeted the VMware ESXi platform and came in the form of a Python script which, when run on a hypervisor, shuts down all running virtual machines, then encrypts the datastore where virtual hard disks and other configuration files are kept on the hypervisor.”

Mind-blowing stuff – and the above incident happened at a company in the “logistics and shipping industry” earlier this year. The RansomEXX Trojan, which targets VMware ESXi hypervisors, was spotted by Sophos in June 2021 after an attack on another ESXi hypervisor “operated by a large commercial bakery”.

Threats, they evolve. The old belief that your organization is too small, obscure, or low-income to target is dangerous these days – so keep your defenses up. ®

About Jon Moses
