Shotgun targeting of malware attacks will be the defining infosec theme of 2022, reckons Sophos

And more badness going for Linux and virtualization, too

Future malware and ransomware infections will consist of "shotgun attacks with pinpoint targeting", according to Sophos' 2022 threat report.

As if that wasn't enough, the British infosec biz reckons established commodity malware attacks will end up delivering ever more ransomware, while extortion tactics used by ransomware gangs will become more diverse and intense – with the aim of browbeating victims into handing over cash.

"Ransomware thrives because of its ability to adapt and innovate," said Chester Wisniewski, principal research scientist at Sophos, in a canned statement. "For instance, while RaaS offerings are not new, in previous years their main contribution was to bring ransomware within the reach of lower-skilled or less well-funded attackers."

The near-ubiquitous cyber threat has featured heavily in the news recently, following US rewards totalling millions of dollars for information leading to the arrests and convictions of certain high-profile ransomware gangs. On top of that, numerous countries' police forces – most notably that of Ukraine – have arrested people alleged to be members of the gangs.

Aside from ransomware, Sophos said 2022 would see re-runs of the ProxyLogon and ProxyShell attacks where vulns in widely used IT services and products were instantly leapt upon by criminals and nation states alike. The firm expects to see "a growing [criminal] interest in Linux-based systems during 2022, both in the cloud and on web and virtual servers."

Targeted shotgun attacks, as Sophos described them, may also increase. The company used the Gootloader attacks as an example, highlighting how malicious websites were pushed up Google search results rankings by crims. Filtering of marks who clicked these malicious links ruled out those who weren't running certain combinations of operating systems and browsers.

"SophosLabs believes that this may represent a novel way for malware distributors to thwart malware researchers while giving themselves a greater degree of certainty that their malware is going to a subset of victims that may be more desirable than the general population," concluded the company.

Anti-analysis techniques in themselves are nothing new: in September Kaspersky highlighted how the FinFisher spyware incorporated multiple techniques intended to frustrate researchers examining the malware's workings. Sophos, however, pointed out that in some email spam campaigns it had observed, the only lure was a phone number; human telephone operators then "perform a kind of psychological profiling on the caller, to determine whether they’re likely to be a real victim."

Linux and virtualized systems may also fall under greater threat in 2022, in Sophos' view, with the firm warning: "One ransomware we encountered in 2021 targeted the VMware ESXi platform and came in the form of a Python script that, when run on a hypervisor, shuts down all the running virtual machines and then encrypts the datastore where the virtual hard drives, and other configuration files, are kept on the hypervisor."

Hair-raising stuff – and the incident above happened to a "logistics and shipping industry" company this year. The RansomEXX trojan, which targets VMware ESXi hypervisors, was spotted by Sophos in June 2021 after an attack against a different ESXi hypervisor "run by a large commercial bakery".

The threats, they are a-evolvin'. The old belief that your organisation is too small, obscure or low revenue to be targeted is dangerous these days – so keep your defences up. ®

Biting the hand that feeds IT © 1998–2022