Home STAY CURRENTArticles A Report on the Upcoming Trends in Cyberthreats

A Report on the Upcoming Trends in Cyberthreats

by CISOCONNECT Bureau

Recently, Sophos released the 2022 Threat Report with significant implications for IT security. Read on to know more…

Sophos recently released the 2022 Threat Report, which shows how the ransomware’s black hole is attracting other cyberthreats to form one massive, interconnected ransomware delivery system — with serious ramifications for IT security. The report, which was released by SophosLabs security researchers, Sophos Managed Threat Response threat hunters and rapid responders, and the Sophos AI team, offers a unique multi-dimensional perspective on the security risks and trends that organizations will face in 2022.

The following key trends are analyzed in the Sophos 2022 Threat Report:

* The ransomware landscape will grow more modular and consistent in the coming year, with attack “specialists” offering different elements of an attack “as-a-service” and providing playbooks with tools and techniques that allow different adversary groups to carry out very identical attacks. Attacks by single ransomware groups gave way to more Ransomware-as-a-Service (RaaS) offers in 2021, according to Sophos researchers, with specialist ransomware developers focusing on hiring out malicious code and infrastructure to third-party affiliates. RaaS was used in some of the most high-profile ransomware attacks of the year, including a cyberattack on Colonial Pipeline in the United States by an DarkSide affiliate. The implementation guide provided by the operators was disclosed by an affiliate of Conti ransomware, showing the step-by-step tools and techniques that attackers could use to deploy the ransomware.

* RaaS affiliates and other ransomware operators can use Initial Access Brokers and malware delivery platforms to find and target potential victims once they have the malware they require. Sophos foresees a second major trend as a result of this.

* Ransomware attackers use of different forms of extortion to coerce victims into paying the ransom is predicted to continue and intensify. In 2021, Sophos incident responders catalogued ten different types of pressure tactics, ranging from data theft and exposure to threatening phone calls, Distributed Denial of Service (DDoS) attacks, and more.

* Cybercrime such as ransomware and malicious cryptomining will continue to be fueled by cryptocurrency, according to Sophos, until global cryptocurrencies are better regulated. During the year 2021, Sophos researchers uncovered cryptominers like Lemon Duck and MrbMiner, which takes advantage of newly reported vulnerabilities and targets already breached by ransomware operators to install cryptominers on computers and servers.

Chester Wisniewski, Principal Research Scientist at Sophos, said “Ransomware thrives because of its ability to adapt and innovate,”

“For instance, while RaaS offerings are not new, in previous years their main contribution was to bring ransomware within the reach of lower-skilled or less well-funded attackers. This has changed and, in 2021, RaaS developers are investing their time and energy in creating sophisticated code and determining how best to extract the largest payments from victims, insurance companies, and negotiators. They’re now offloading to others the tasks of finding victims, installing and executing the malware, and laundering the pilfered cryptocurrencies. This is distorting the cyberthreat landscape, and common threats, such as loaders, droppers, and Initial Access Brokers that were around and causing disruption well before the ascendancy of ransomware, are being sucked into the seemingly all-consuming ‘black hole’ that is ransomware.

“It is no longer enough for organizations to assume they’re safe by simply monitoring security tools and ensuring they are detecting malicious code. Certain combinations of detections or even warnings are the modern equivalent of a burglar breaking a flower vase while climbing in through the back window. Defenders must investigate alerts, even ones which in the past may have been insignificant, as these common intrusions have blossomed into the foothold necessary to take control of entire networks.”

Additional Threats
After the ProxyLogon and ProxyShell vulnerabilities were discovered and patched in 2021, the speed with which attackers exploited them was such that Sophos expects both sophisticated attackers and run-of-the-mill cybercriminals to continue attempting to mass-abuse IT administration tools and exploitable internet facing services.

Cybercriminals also boost their abuse of adversary simulation tools like Cobalt Strike Beacons, mimikatz, and PowerSploit, according to Sophos. Every alert relating to abused legitimate tools or combinations of tools should be checked by defenders, just as they would check a malicious detection, because it could indicate the presence of an intruder in the network.

Sophos researchers identified a number of new threats targeting at Linux systems in 2021, and they foresee a growing interest in Linux-based systems in 2022, both in the cloud and on web and virtual servers.

Recommended for You

Recommended for You

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Close Read More

See Ads