The most dangerous cyber attacks in 2022 are

Cybercriminals in 2022 aren’t slowing down, and it certainly won’t be any easier for companies and private users to defend against their activities than it was last year. Analysts at Fortinet’s FortiGuard Labs identify five new types of attacks that you’ll need to be especially wary of.

1. Attacks on Linux

Until recently, Linux has been outside the realm of interest for cybercriminals. However, this has started to change. Today, attacks on this system, as well as the applications that run on it, are already as common as attacks on Windows family systems.

– This is a problem for many companies that, while used to defending against attacks on Windows systems, have never looked at Linux from a malware protection standpoint. The seriousness of the situation is added by the fact that Linux environments often contain valuable credentials, certificates, application usernames and passwords – says Derek Manky, head of Security Insights and Global Threat Alliances at Fortinet’s FortiGuard Labs.

2. Attacks on satellite networks

As the number of connections using satellite internet, already offered by several providers, increases, so will the likelihood of new exploits targeting these networks. The top target for attacks will be companies that rely on satellite communications to eliminate data latency. This is relevant e.g. in online gaming, providing mission-critical services in remote locations, for utilities or the transportation industry. Criminals’ interest in these areas means that the possible scope of attack will again increase as companies use satellite networks to connect those systems that were previously unconnected, such as. remote devices used in operational technology (OT) environments.

3. Attacks on cryptocurrency wallets

A growing number of malware types are able to steal credentials for cryptocurrency wallets, such as Bitcoin private keys, wallet addresses, and other relevant information. Attacks of this type are often launched with a phishing campaign that uses classic social engineering by attaching a malicious Microsoft Word document to an email message.

A new remote access trojan (RAT) called ElectroRAT is also an example of a tool that attacks cryptocurrency wallets. It combines social engineering with custom cryptocurrency applications, and provides keylogging (capturing characters typed on the keyboard), taking screenshots, uploading and downloading files, and executing commands.

4. Attacks on industrial and infrastructure (OT) systems

Ransomware attacks are increasingly targeting critical infrastructure, and the phrase “killware” is used to describe the nature of some of these incidents. While these attacks don’t necessarily pose a direct threat to human life, the use of the term is justified because malware that disrupts hospitals and other critical infrastructure directly affects people.

Cybercriminals conduct attacks on OT infrastructure in such a way that they have a significant impact on the physical world. The near-universal convergence of IT and OT networks makes it easier for them to access critical systems through home networks and remote worker devices. An additional risk factor is that criminals do not need to have technical expertise on ICS and SCADA systems, as tools to conduct attacks can be purchased on the Darkweb.

5. Attacks on edge network infrastructure

The rise of remote workers has exposed the infrastructure of corporate networks to many of the threats traditionally found on home networks. Significant expansion of the network infrastructure edge means that more places are being created where “living off the land” threats may be hidden. Criminals using this technique use malware built on top of pre-existing, nonthreatening toolkits, making their attacks look like normal system activity. Attacks of this type can also be combined with edge access trojans (EATs). Avoiding detection, malware located in edge environments can use local resources to observe activities and data at the network edge, then steal or encrypt it and demand a ransom to restore access.

Protection against new and old threats

Enterprises should certainly give priority to strengthening the security systems based on both Linux and Windows. When implementing new solutions, companies should be guided primarily by safety. Before adding new types of connections, e.g. using satellite communications, make sure they are properly protected. It is also important to remember that cybercriminals use their chosen tactic as long as it is beneficial. Defending against both new and familiar threats requires an integrated approach to safety. To combat them, you need to use a protection platform that is designed to make its various components work together.