An anonymous reader shares this report from Dark Reading:
In recent weeks, hackers have been deploying the “IceFire” ransomware against Linux enterprise networks, a noted shift for what was once a Windows-only malware.
A report from SentinelOne suggests that this may represent a budding trend. Ransomware actors have been targeting Linux systems more than ever in cyberattacks in recent weeks and months, notable not least because “compared to Windows, Linux is harder to deploy ransomware against, particularly at scale,” Alex Delamotte, security researcher at SentinelOne, tells Dark Reading….
“[M]any Linux systems are servers,” Delamotte points out, “so typical infection vectors like phishing or drive-by download are less effective.” So instead, recent IceFire attacks have exploited CVE-2022-47986 — a critical remote code execution (RCE) vulnerability in the IBM Aspera data transfer service, with a CVSS rating of 9.8.
Delamotte posits a few reasons for why more ransomware actors are choosing Linux these days. For one thing, she says, “Linux-based systems are frequently used in enterprise settings to perform essential tasks such as hosting databases, Web servers, and other mission-critical applications. Consequently, these systems are often more valuable targets for ransomware actors due to the possibility of a larger payout resulting from a successful attack, compared to a typical Windows user.”
A second factor, she guesses, “is that some ransomware actors may perceive Linux as an unexploited market that could yield a higher return on investment.”
While earlier reports had IceFire targeting tech companies, SentinelLabs says they’ve seen recent attacks against organizations “in the media and entertainment sector,” impacting victims “in Turkey, Iran, Pakistan, and the United Arab Emirates, which are typically not a focus for organized ransomware actors.”