75% Increase in Ransomware Attacks on Linux Servers, Says Trend Micro

Ransomware gangs will increasingly target Linux servers and embedded devices over the coming years, Trend Micro predicts. In the first half of 2022, it observed a double-digit YoY rise in attacks on Linux server systems.

“New and emerging threat groups continue to evolve their business model, focusing their attacks with even greater precision,” said Jon Clay, Vice President of threat intelligence for Trend Micro. “That’s why it’s essential that organizations get better at mapping, understanding, and protecting their expanding digital attack surface. A single, unified cybersecurity platform is the best place to start.”

According to Trend Micro research data:

  • In the first half of 2022, Trend Micro stopped 63 billion attacks
  • Threats increased by 52% in the first half of 2018 compared to the same time in 2021
  • The top three industries that malware targets are the government, industry, and healthcare

In the first half of 2022, attacks using ransomware-as-a-service were increasingly detected. Detections of significant players like LockBit and Conti increased by 500 percent YoY and nearly doubled in just six months, respectively. For ransomware creators and their associates, the ransomware-as-a-service business model has brought in considerable revenues.

New ransomware gangs pop up every day. The most notable in the first half of 2022 was Black Basta, which hit 50 organizations in just two months. Although SMBs are becoming an increasingly popular target, many continue to ‘hunt the big game’ of huge corporations.

Unpatched Vulnerabilities

Vulnerability exploitation is one of the main attack methods for ransomware. Trend Micro’s Zero Day Initiative issued warnings on 944 vulnerabilities during that time, a 23 percent YoY increase. The number of published critical bug warnings increased by 400 percent YoY.

APT organizations use a large infrastructure and a variety of malware tools to continuously improve their techniques. The ten-fold rise in detection rates is another indication that threat actors are increasingly incorporating Emotet into their complex cybercrime operations.

A source of worry is that threat actors are able to weaponize these vulnerabilities faster than manufacturers can deliver patch updates or consumers can fix them.

As the hybrid workplace grows its IT infrastructure, unpatched vulnerabilities add to a growing digital attack surface that many enterprises are unable to manage safely. 43 percent of international organizations say it is ‘spiraling out of control’.

Cloud visibility is especially crucial given the ongoing risk of outside parties taking advantage of poorly designed infrastructures and adopting cutting-edge methods like cloud-based crypto mining and cloud tunneling. Threat actors commonly employ the latter to host phishing websites or redirect malware traffic, concluded Trend Micro.