Trend Micro warns on the increase in ransomware attacks on Linux systems.

As Linux systems are more widely used, ransomware attacks also rise in frequency

  • Trend Micro stopped 63 billion attacks in the first half of 2022
  • Ransomware-as-a-service attacks were increasingly identified in the first half of 2022

Cybercriminals are drastically broadening their attack surface and introducing malware that targets Linux operating systems in order to have the greatest impact with the least amount of effort.

While Windows systems are the target of 85% of ransomware attacks, Linux is gaining popularity as a target due to the high value of the devices it powers, specifically servers that manage government and enterprise networks, web services, and sizable databases owned by companies that can afford to pay to have operations and crucial data restored after an attack.

However, given how widely used Linux systems are becoming, that figure might rise. In the upcoming years, ransomware gangs will progressively target Linux servers and embedded systems, according to Trend Micro Incorporated, a global leader in cybersecurity. In the first half of 2022, it observed a double-digit YoY increase in attacks on these systems.

According to Trend Micro’s Tony Lee, Head of Consulting, Hong Kong & Macau, new and emerging threat organizations continue to develop their business models and target their attacks with ever more accuracy.

“That’s why it’s essential that organizations get better at mapping, understanding, and protecting their expanding digital attack surface. A single, unified cybersecurity platform is the best place to start,” he added.

Ransomware attacks running rampant on Linux systems

Trend Micro reports that it blocked 63 billion threats in the first half of 2022. Government, industry, and healthcare were the three sectors most targeted by malware, and the first half of this year saw 52% more attacks than the same period in 2021.

In the first half of 2022, attacks using ransomware-as-a-service (RaaS) were increasingly detected. Notably, Trend Micro’s data recorded over 1,200 victim companies and 67 active RaaS and extortion groups in the first half of 2022.

Detections of major players rose sharply: LockBit increased by 500% YoY and Conti nearly doubled in just six months. For ransomware creators and their affiliates, the ransomware-as-a-service business model has brought in considerable revenue.

New ransomware gangs appear every day. Black Basta was the most notable newcomer of the first half of 2022, hitting 50 organizations in just two months. Although SMBs are becoming an increasingly popular target, many groups continue the “big game hunting” of large corporations.

Vulnerability exploitation is one of the main initial-access methods for ransomware. Trend Micro’s Zero Day Initiative published advisories for 944 vulnerabilities during the period, a 23% YoY increase, and the number of published critical bug advisories rose 400% year over year.

APT groups rely on large infrastructure and a variety of malware tools to continuously refine their techniques. The ten-fold increase in Emotet detection rates is a further sign that threat actors are increasingly incorporating it into their complex cybercrime operations.

A key concern is that threat actors are able to weaponize these vulnerabilities faster than vendors can release patches or customers can apply them.

As the hybrid workplace expands IT infrastructure, unpatched vulnerabilities add to a growing digital attack surface that many enterprises are unable to manage safely; 43% of organizations worldwide say it is “spiraling out of control.”

Cloud visibility is especially crucial given the ongoing risk of outside parties exploiting poorly designed infrastructure and adopting newer methods such as cloud-based crypto mining and cloud tunneling. Threat actors commonly use the latter to host phishing websites or redirect malware traffic.