Trend Micro: Ransomware Attacks on Linux Systems to Increase by 75%

The cybersecurity firm blocked 63 billion threats in the first six months of 2022.

Claudia Adrien

August 31, 2022


Global cybersecurity provider Trend Micro predicts that Linux servers and embedded systems will be an increasing target for ransomware groups in the years to come. In the first half of 2022, the firm recorded a double-digit year-on-year (YoY) increase in attacks on these systems. That’s 52% more threats in the first half of the year than the same period in 2021. The three top sectors targeted by malware are government, manufacturing and health care.

New ransomware groups are emerging all the time. The most notable one in the first half of 2022 was Black Basta. The group hit 50 organizations in just two months. Many persist with the “big game-hunting” of large enterprises, although SMBs are an increasingly popular target.

One of the primary attack vectors for ransomware is vulnerability exploitation. Trend Micro’s Zero Day Initiative published advisories on 944 vulnerabilities in the period, a 23% year-over-year increase. The number of critical bug advisories published soared by 400% YoY.

Increase in Detection

Jon Clay is VP of threat intelligence for Trend Micro, which blocked 63 billion threats in the first six months of 2022.

“New and emerging threat groups continue to evolve their business model, focusing their attacks with even greater precision,” Clay said. “That’s why it’s essential that organizations get better at mapping, understanding and protecting their expanding digital attack surface. A single, unified cybersecurity platform is the best place to start.”

Detection of attacks from ransomware-as-a-service surged in the first half of 2022. Major players like LockBit and Conti were detected with a 500% YoY increase and nearly doubled the number of detections in six months, respectively. The ransomware-as-a-service model has generated significant profits for ransomware developers and their affiliates.

However, APT groups continue to evolve their methods by employing expansive infrastructure and combining multiple malware tools. The ten-fold increase in the number of detections is more proof that threat actors are increasingly integrating Emotet. They’ve made it part of their elaborate cybercrime operations.

The concern is that threat actors can weaponize these flaws. They can do so faster than vendors can release patch updates and/or customers – often with help from channel partners – can patch them.

Unpatched vulnerabilities add to a growing digital attack surface that many organizations are struggling to manage securely as the hybrid workplace expands their IT environment. Over two-fifths (43%) of global organizations believe it is “spiraling out of control.”

Cloud visibility is particularly important given the continued threat of third parties exploiting misconfigured environments and using novel techniques like cloud-based crypto mining and cloud tunneling. Threat actors frequently abuse the latter to route malware traffic or host phishing websites.


About the Author(s)

Claudia Adrien

Claudia Adrien is a reporter for Channel Futures where she covers breaking news. Prior to Informa, she wrote about biosecurity and infectious disease for a national publication. She holds a degree in journalism from the University of Florida and resides in Tampa.
