This article was originally published on TechRepbulic – click here to view
Cybersecurity changes rapidly, but one thing remains constant. Threats don’t seem to slow down. If your network and security tools aren’t up to the task of protecting your organization now, it’s not likely to get better going forward. Cybercrime is an industry unto itself, with new business models and tactics being developed all the time.
If you’re still struggling to integrate and manage a collection of single-purpose products, the resulting complexity and lack of visibility is likely to leave your organization vulnerable. You should work to address security gaps as quickly as possible and take note of these five threats. They may target different areas, but each is cause for concern.
- Attacks on Linux Systems – Remember when everyone said we should all ditch Windows and move to Linux because it was never attacked? It’s true that up until recently, Linux was generally ignored by cybercriminals. But sadly, that’s no longer the case anymore. Attacks against Linux operating systems and the applications that run on those systems are becoming as common as attacks on Windows systems. You might be used to defending against Windows attacks, but you might not be familiar with how to protect Linux from malware. One example of a Linux attack is a malicious implementation of the Beacon feature of Cobalt Strike called Vermilion Strike. It can target Linux systems with remote access capabilities without being detected. More botnet malware is being written for Linux platforms as well.
In addition to being yet another vulnerable area to worry about, attacks on Linux systems are particularly concerning because Linux runs the back-end systems of many networks and container-based solutions for IoT devices and mission-critical applications. And even worse, Linux environments often have valuable data like Secure Socket Shell (SSH) credentials, certificates, applications usernames, and passwords.
Here’s something else to consider. Microsoft is now actively integrating Windows Subsystem for Linux (WSL) into Windows 11. WSL is a compatibility layer used for running Linux binary executables natively on Windows. You can be sure that malware will follow.
Most organizations just aren’t used to protecting Linux systems. Furthermore, many Linux users are power users and these systems are frequently sitting in parts of organizations that are providing critical services.
- Attacks in space – Space may be the final frontier, but it’s no longer safe from cyberattacks thanks to the increase in satellite internet. New exploits targeting satellite Internet networks will increase, and the biggest targets are likely to be organizations that rely on satellite-based connectivity to support low-latency activities. These activities include online gaming or delivering critical services to remote locations and remote field offices, pipelines, or cruises and airlines. As organizations add satellite networks to connect previously off-grid systems such as remote OT devices to their interconnected networks, it will increase the attack surface.
- Attacks on Crypto Wallets – Just as a pickpocket can run off with your money in the real world, in the digital world, crypto wallets are now at risk. Attackers are creating more malware designed to target stored information, so they can steal credentials such as a bitcoin private keys, bitcoin addresses, and crypto wallet addresses. Once an attacker has vital information, they can drain the digital wallet. Many attacks begin with a phishing scam with a malicious Microsoft Word document attached to a spam email. A Word document macro then delivers the malware that steals the crypto wallet information and credentials from a victim’s infected devices.
Another scam involves a fake Amazon gift card generator that targets digital wallets by replacing the victim’s wallet with the attacker’s. And ElectroRAT is a new remote access trojan (RAT) that targets cryptocurrency by combining social engineering with custom cryptocurrency applications. ElectroRAT can perform keylogging, take screenshots, upload and download files, and execute commands.
- Attacks on Critical Infrastructure – Over the last year, ransomware attacks have been on the rise, but now they are increasingly targeting critical infrastructure. Instead of going after smaller targets, cybercriminals are waging larger, more public attacks that affect more people. The convergence of information technology (IT) and operational technology (OT) networks has made it easier for attackers to access OT systems. By accessing compromised home networks or the devices used by remote workers, they can access IT and then OT systems. The rise of ransomware as a service means that attackers don’t need to have specialized technical knowledge anymore. They can simply buy attack kits on the dark web to attack OT systems.
Some of the incidents that target critical infrastructure have been called “killware,” even though the attacks don’t directly target human lives. However, the malware differs from regular exploits in that it disrupts hospitals, pipelines, water treatment plants, and other critical infrastructure that directly impacts people.
- Attacks on the network edge – The increase in the number of people working remotely has led to an exponential expansion of new network edges, which has significantly expanded the attack surface and exposed corporate networks to many of the threats to residential networks. Because of this increase in network edges, there are more opportunities for “living off the land” threats. This type of threat involves using malware created from existing toolsets and capabilities, so the attacks and data exfiltration appear to be normal system activity. Living off the land attacks are sometimes combined with edge access trojans (EATs). The malware located in these edge environments uses local resources to observe activities and data at the edge and then steal, hijack, or ransom critical systems, applications, and information.
Be prepared
All of these threats amply show why organizations must prioritize cybersecurity. Threats aren’t going away, so organizations need an integrated, coordinated approach to security instead of attempting to assemble a collection of point products. Instead of adding yet another security product to solve a problem, organizations should consider a cybersecurity mesh platform approach to security for unified visibility, automated control, and coordinated protection.