Express Computer

FortiGuard Labs: Organisations Detecting Ransomware Decline as the Volume and Impact of Targeted Attacks Continue to Rise


Fortinet, the global cybersecurity leader driving the convergence of networking and security, announced the latest semiannual Global Threat Landscape Report from FortiGuard Labs. In the first half of 2023, FortiGuard Labs observed a decline in organisations detecting ransomware, significant activity among advanced persistent threat (APT) groups, a shift in MITRE ATT&CK techniques used by attackers, and much more. In addition to the highlights below, readers can find the full analysis by reading the 1H 2023 Global Threat Landscape Report.

While organisations continue to find themselves in a reactive position due to the growing
sophistication of malicious actors and the escalation of targeted attacks, ongoing
analysis of the threat landscape in the 1H 2023 Global Threat Landscape Report helps
provide valuable intelligence that can serve as an early warning system of potential
threat activity and help security leaders prioritise their security strategy and patching
efforts. Highlights of the report follow:

Organisations Detecting Ransomware Are on the Decline: FortiGuard Labs has
documented substantial spikes in ransomware variant growth in recent years, largely
fueled by the adoption of Ransomware-as-a-Service (RaaS). However, FortiGuard Labs
found that fewer organisations detected ransomware in the first half of 2023 (13%) compared to this time five years ago (22%). Despite the overall decline, organisations must keep their guard up. This supports the trend that FortiGuard Labs has seen over the last couple of years, that ransomware and other attacks are becoming increasingly targeted thanks to the growing sophistication of attackers and the desire to increase the return on investment (ROI) per attack. Research also found that the volume of ransomware detections continues to be volatile, closing 1H 2023 13x higher than the end of 2022 but still on a downward trend overall when comparing year-over-year.

Malicious Actors Are 327x More Likely to Attack Top EPSS Vulnerabilities within Seven Days Compared to All Other CVEs: Since its inception, Fortinet has been a core contributor of exploitation activity data in support of the Exploit Prediction Scoring System (EPSS). This project aims to leverage a myriad of data sources to predict how likely a vulnerability is to be exploited in the wild, and when. FortiGuard Labs analysed six years of data spanning more than 11,000 published vulnerabilities with detected exploitation and found that the Common Vulnerabilities and Exposures (CVEs) categorised with a high EPSS score (top 1% severity) are 327x more likely to be exploited within seven days than any other vulnerability. This first-of-its-kind analysis can serve as the canary in the coal mine, giving CISOs and security teams an early indication of targeted attacks against their organisations. Like the Red Zone, introduced in the last Threat Landscape Report, this intelligence can help security teams systematically prioritise patching efforts to minimise their organisations’ risk.

The Red Zone Continues to Help CISOs Prioritise Patching Efforts: The analysis by FortiGuard Labs around EPSS exploitation in the wild expands upon the efforts to define
the Red Zone, which helps quantify the proportion of available vulnerabilities on
endpoints that are being actively attacked. In the second half of 2022, the Red Zone was
around 8.9%, meaning that about 1,500 CVEs of the more than 16,500 known CVEs
were observed under attack.

In the first half of 2023, that number dropped slightly to 8.3%. The delta between 2H 2022 and 1H 2023 is minimal and would seem to be the sweet spot for malicious actors targeting vulnerabilities on endpoints. Still, it is important to note that the number of vulnerabilities discovered, present, and exploited constantly fluctuates. These variables and the effectiveness of an organisation’s patch management strategy could dramatically decrease its Red Zone surface. Like the EPSS analysis above, FortiGuard Labs continues to invest in more effective ways to help organisations prioritise and more quickly close vulnerabilities.

Nearly One-Third of APT Groups Were Active in 1H 2023: For the first time in the
history of the Global Threat Landscape Report, FortiGuard Labs tracked the number of
threat actors behind the trends. Research revealed that 41 (30%) of the 138 cyberthreat
groups MITRE tracks were active in 1H 2023. Of those, Turla, StrongPity, Winnti,
OceanLotus, and WildNeutron were the most active based on malware detections.
Given the targeted nature and relatively short-lived campaigns of APT and nation-state
cyber groups compared to the long life and drawn-out campaigns of cybercriminals, the
evolution and volume of activity in this area will be something to look forward to in future
reports.

Five-Year Comparison Reveals Explosion in Unique Exploits, Malware Variants and Botnet Persistence:
 Unique Exploits on the Rise: In 1H 2023, FortiGuard Labs detected more than 10,000 unique exploits, up 68% from five years ago. The spike in unique exploit detections highlights the sheer volume of malicious attacks security teams must be aware of and how attacks have multiplied and diversified in a relatively short amount of time. The report also shows over a 75% drop in exploitation attempts per organisation over a five-year window and a 10% dip in severe exploits, suggesting that while malicious actor exploit toolkits have grown, the attacks are much more targeted than five years ago.

 Malware Families and Variants Exploded, Up 135% and 175% respectively:
In addition to the significant uptick in malware families and variants, another surprising finding is that the number of malware families that propagate to at least 10% of global organisations (a notable prevalence threshold) has doubled over the last five years. This escalation in malware volume and prevalence can be attributed to more cybercriminal and APT groups expanding operations and diversifying their attacks in recent years.

A significant focus of the last Global Threat Landscape report was the surge in wiper malware largely tied to the Russia-Ukraine conflict. That increase persisted throughout 2022 but slowed over the first half of 2023. FortiGuard Labs continues to observe wipers being used by nation-state actors, although the adoption of this type of malware by cybercriminals continues to grow as they target organisations in technology, manufacturing, government, telecommunications, and healthcare sectors.

 Botnets Lingering in Networks Longer Than Ever: While the report finds more active botnets (+27%) and a higher incidence rate among organisations over the last half-decade (+126%), one of the more shocking findings is the exponential increase in the total number of “active days”, which FortiGuard Labs defines as the amount of time that transpires between the first hit of a given botnet attempt on a sensor and the last.

Over the first six months of 2023, the average time botnets lingered before command and control (C2) communications ceased was 83 days, representing over a 1,000x increase from five years ago. This is another example where reducing the response time is critical because the longer organisations allow botnets to linger, the greater the damage and risk to their business.

Disrupting Cybercrime Requires an All-in Approach
FortiGuard Labs’ contributions to the threat intelligence community over the last decade have made significant impacts around the globe, helping to improve protections for customers, partners, and governments in their fight against cybercrime. Breaking down silos and increasing the quality of actionable threat intelligence helps organisations reduce risk and enhances the overall effectiveness of the cybersecurity industry.

Cyber defenders today possess access to the tools, knowledge, and support to begin altering the economics of malicious actors. Still, it’s an industrywide commitment to collaboration and intelligence sharing that will ultimately create a larger ecosystem of disruption and allow the industry to gain the upper hand against cyber adversaries.

As a leader in enterprise-class cybersecurity and networking innovation, Fortinet helps
secure over half a million organisations worldwide, including global enterprises, service
providers, and government organisations. Of note, Fortinet’s ongoing development of
artificial intelligence (AI) applied to cybersecurity use cases, in both our FortiGuard
Labs and product portfolio, is speeding the prevention, detection, and response to
known and unknown threats.

Specifically, FortiGuard AI-Powered Security Services are utilised by security controls
deployed across endpoints and applications through both network and cloud infrastructure. Purpose-built detection and response technologies that leverage AI engines and cloud analytics (including EDR, NDR, and others) can also be deployed as integrated extensions of such controls. Fortinet also offers centralised response tools, such as XDR, SIEM, SOAR, DRPS, and more, that leverage different AI, automation, and orchestration to speed remediation. These can all significantly disrupt cybercrime across the entire attack surface and along the cyberattack kill chain.
