A detailed report to guide IT security teams on upcoming cyber threat trends – Manila Bulletin


Sophos, a global leader in next-generation cybersecurity, recently released the Sophos 2022 Threat Report, which shows how the gravitational pull of the ransomware black hole draws in other cyber threats to form a massive, interconnected ransomware delivery system, with important implications for computer security. The report, authored by security researchers at SophosLabs, threat hunters and rapid responders at Sophos Managed Threat Response, and the Sophos AI team, offers a unique multi-dimensional perspective on the security threats and trends facing businesses in 2022.

The Sophos 2022 Threat Report analyzes the following key trends:

1. Over the coming year, the ransomware landscape will become both more modular and more uniform, with attack “specialists” offering different elements of an attack “as a service” and providing how-to manuals with tools and techniques that allow different adversary groups to implement very similar attacks. Attacks by single ransomware groups gave way to more ransomware-as-a-service (RaaS) offerings in 2021, with specialist ransomware developers focusing on leasing malicious code, software and infrastructure to third-party affiliates, say Sophos researchers. Some of the most high-profile ransomware attacks of the year involved RaaS, including an attack on Colonial Pipeline in the United States by a DarkSide affiliate. An affiliate of Conti ransomware leaked the implementation guide provided by the operators, revealing the step-by-step tools and techniques attackers could use to deploy the ransomware.

Once they have the malware they need, RaaS affiliates and other ransomware operators can turn to initial access brokers and malware delivery platforms to find and target potential victims. This fuels the second major trend anticipated by Sophos.

2. Established cyber threats will continue to adapt to distribute and spread ransomware. These include loaders, droppers and other basic malware; increasingly advanced and human-run initial access brokers; spam; and adware. In 2021, Sophos reported that Gootloader was operating new hybrid attacks that combined mass campaigns with careful filtering to identify targets for specific malware groups.

3. The use of multiple forms of extortion by ransomware attackers to pressure victims into paying the ransom is expected to continue and to increase in scope and intensity. In 2021, Sophos incident responders listed 10 different types of pressure tactics, ranging from data theft and exposure to threatening phone calls, distributed denial of service (DDoS) attacks, and more.

4. Cryptocurrency will continue to fuel cybercrimes such as ransomware and malicious cryptomining, and Sophos expects the trend to continue until global cryptocurrencies are better regulated. In 2021, Sophos researchers discovered cryptominers such as Lemon Duck and the less common MrbMiner taking advantage of the access provided by newly reported vulnerabilities and of targets already breached by ransomware operators to install cryptominers on computers and servers.

“Ransomware thrives on its ability to adapt and innovate,” said Chester Wisniewski, principal researcher at Sophos. “For example, although RaaS offerings are not new, in previous years their main contribution was to put ransomware within the reach of less skilled or less well-funded attackers. That has changed, and in 2021 RaaS developers are investing their time and energy in creating sophisticated code and figuring out how best to extract the biggest payouts from victims, insurance companies, and negotiators. They now offload the tasks of finding victims, installing and executing malware, and laundering stolen cryptocurrency to others. This distorts the cyber threat landscape, and common threats, such as early access loaders, droppers and brokers that existed and caused disruption long before the rise of ransomware, are sucked into the seemingly consuming ‘black hole’ that is ransomware.

“It is no longer enough for organizations to assume they are secure by simply monitoring security tools and ensuring they detect malicious code. Some combinations of detections or even warnings are the modern equivalent of a burglar smashing through a flower vase while climbing out the back window. Defenders should investigate alerts, even those that in the past might have been insignificant, as these common intrusions have grown to take over entire networks.”

Additional trends analyzed by Sophos include:

  • After the ProxyLogon and ProxyShell vulnerabilities were discovered (and patched) in 2021, the rate at which they were seized by attackers was such that Sophos expects to see continued attempts to mass-abuse IT administration tools and exploitable internet services by both sophisticated attackers and ordinary cybercriminals.
  • Sophos also expects cybercriminals to increase their abuse of adversary simulation tools, such as Cobalt Strike Beacons, mimikatz and PowerSploit. Defenders should check every alert relating to an abused legitimate tool or combination of tools, just as they would check a malicious detection, as it could indicate the presence of an intruder in the network.
  • In 2021, Sophos researchers detailed a number of new threats targeting Linux systems and expect to see growing interest in Linux-based systems in 2022, both in the cloud and on web and virtual servers.
  • Mobile threats and social engineering scams, including Flubot and Joker, are expected to continue and diversify to target both individuals and organizations.
  • The application of artificial intelligence to cybersecurity will continue and accelerate, as powerful machine learning models prove themselves in detecting threats and prioritizing alerts. At the same time, however, adversaries are expected to increasingly use AI, shifting over the next few years from AI-enabled disinformation campaigns and spoofed social media profiles to watering-hole attack web content, phishing emails and more as advanced deepfake video and text-to-speech technologies become available.

To learn more about the threat landscape in 2021 and what it means for IT security in 2022, read the full Sophos 2022 Threat Report.


