Ransomware has become one of the top threats in cybersecurity. With relentless ransomware attacks showing no signs of slowing down, the business model has undergone changes that are expected to carry into the future. Sophos has released its 2022 Threat Report, which analyzes the trends and threats organizations are expected to face in the coming year.
Diving into the details
The ransomware-as-a-service (RaaS) model has changed the ransomware landscape, and it is anticipated to become more modular and uniform, with attack specialists providing multiple kinds of ‘as-a-service’ offerings.
Droppers, loaders, initial access brokers, adware, and spam, among other established cyberthreats, will expand and adjust to the ever-evolving cyberthreat landscape. This trend was first observed in Gootloader, which adopted a hybrid attack model.
Multiple extortion tactics are expected to rise in intensity and range. Sophos cataloged 10 different types of pressure tactics.
Cryptomining activity is expected to continue as cryptocurrency rises in popularity. Just recently, scammers were found weaponizing Google Ads to steal cryptocurrency wallets. In only a matter of days, more than $500,000 worth of cryptocurrencies were stolen.
Latest ransomware news
The Magniber ransomware group has started abusing two flaws in Internet Explorer, tracked as CVE-2021-26411 and CVE-2021-40444, both with a severity score of 8.8. The gang is infamous for exploiting bugs to breach systems and deploy ransomware.
The FBI issued a warning about ransomware gangs targeting organizations associated with time-sensitive events, such as mergers and acquisitions. The gangs would use the financial information obtained to pressure the victims into paying the ransom.
Earlier this month, the Chaos ransomware group was targeting Japanese Minecraft gamers. The ransomware encrypts some data and deletes some, making recovery a major challenge.
What else did the report find?
Sophos suspects that attempts to mass-exploit IT admin tools and exploitable internet-facing services will continue to rise.
Threat actors are likely to increase their abuse of Cobalt Strike, PowerSploit, and Mimikatz.
Interest in Linux systems, already growing, is expected to surge. Botnets such as Mirai will take advantage of software vulnerabilities and default passwords in IoT devices.
Mobile malware and social engineering scams are anticipated to evolve and keep organizations and individuals on their toes.
The bottom line
The future of ransomware looks pretty ominous in 2022. Hence, it is no longer safe or advisable for organizations to merely monitor for and detect malicious code. Defenders should adopt a proactive approach to cyberthreats by analyzing alerts so that they don’t get sucked into the ransomware black hole.