Fortinet®, the global cybersecurity leader driving the convergence of networking and security, today released the latest semi-annual Global Threat Landscape Report from FortiGuard Labs. In the first half of 2023, FortiGuard Labs observed a decline in the share of organizations detecting ransomware, significant activity among APT (Advanced Persistent Threat) groups, shifts in the MITRE ATT&CK techniques used by attackers, and more. In addition to the highlights below, readers can find the full analysis in the Global Threat Landscape Report for the First Half of 2023.
While the increasing sophistication of malicious actors and the escalation of targeted attacks continue to put organizations in a reactive position, our continued analysis of the threat landscape in the Global Threat Landscape Report for the first half of 2023 provides valuable intelligence that acts as an early warning of potential threat activity and helps security leaders prioritize their security strategy and patching efforts. Highlights of the report include:
Fewer organizations are detecting ransomware: FortiGuard Labs has documented sharp spikes in ransomware variants in recent years, driven largely by the introduction of Ransomware-as-a-Service (RaaS). However, FortiGuard Labs found that fewer organizations detected ransomware in the first half of 2023 (13%) than at the same time five years ago (22%). Despite the overall decline, organizations should remain vigilant. This is a trend that FortiGuard Labs has seen over the last few years: the increasing sophistication of attackers and the desire for a higher return on investment (ROI) per attack have made ransomware and other attacks increasingly targeted. Consistent with this trend, ransomware detections remain volatile: according to the study, detections in the first half of 2023 finished 13 times higher than at the end of 2022, although the overall year-over-year comparison is still down.
Malicious attackers are 327 times more likely to attack top-EPSS vulnerabilities within 7 days than all other CVEs: Fortinet has been a contributor to, and a central source of exploit-activity data for, the Exploit Prediction Scoring System (EPSS) since the project's inception. The project aims to draw on a wide range of data sources to predict the likelihood and timing of real-world exploitation of vulnerabilities. FortiGuard Labs analyzed six years of data covering more than 11,000 publicly disclosed vulnerabilities with detected exploitation and found that Common Vulnerabilities and Exposures (CVEs) with high EPSS scores (the top 1%) were 327 times more likely to be exploited within 7 days than other vulnerabilities. This first-of-its-kind analysis acts as a canary in the coal mine, giving CISOs and security teams early indications of targeted attacks against their organizations. Like the red zone introduced in the previous Threat Landscape Report, this intelligence helps security teams systematically prioritize patching efforts to minimize organizational risk.
Red Zones continue to help CISOs prioritize their patching efforts: FortiGuard Labs' analysis of real-world EPSS exploits extends its efforts to define the Red Zone, which quantifies the percentage of vulnerabilities present on endpoints that are being actively attacked. In late 2022, the red zone was around 8.9%, meaning that out of over 16,500 known CVEs, around 1,500 CVEs were observed under attack. In the first half of 2023, this figure decreased slightly to 8.3%. The difference between the second half of 2022 and the first half of 2023 is minimal, and we believe this range is the sweet spot for malicious actors targeting endpoint vulnerabilities. Still, it is important to note that the number of vulnerabilities discovered, present, and exploited is constantly fluctuating, and these variables together with the effectiveness of an organization's patch management strategy can significantly reduce the area of its red zone. As with the EPSS analysis above, FortiGuard Labs continues to invest in more effective ways to help organizations prioritize and resolve vulnerabilities faster.
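As an added illustration of the EPSS and red-zone ideas above (example code, not Fortinet's tooling or data), the following script takes a constructed vulnerability inventory with placeholder CVE IDs and made-up EPSS percentiles, computes an organization's own red zone as the share of endpoint-present vulnerabilities observed under attack, and produces a patch order that puts observed-exploited CVEs first and top-1% EPSS CVEs next.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    cve: str            # placeholder ID, not a real CVE
    epss_pct: float     # EPSS percentile, 0.0 to 1.0 (constructed)
    on_endpoints: bool  # present somewhere in our environment
    exploited: bool     # observed being attacked in the wild


# Constructed inventory: IDs are placeholders and scores are made up.
INVENTORY = [
    Vuln("CVE-XXXX-0001", 0.995, True, True),
    Vuln("CVE-XXXX-0002", 0.992, True, False),
    Vuln("CVE-XXXX-0003", 0.600, True, True),
    Vuln("CVE-XXXX-0004", 0.300, False, True),   # exploited, but not deployed here
    Vuln("CVE-XXXX-0005", 0.100, True, False),
    Vuln("CVE-XXXX-0006", 0.850, True, False),
]


def red_zone(vulns):
    """Fraction of vulnerabilities present on endpoints that are observed under attack."""
    present = [v for v in vulns if v.on_endpoints]
    if not present:
        return 0.0
    return sum(v.exploited for v in present) / len(present)


def patch_order(vulns, top_pct=0.99):
    """CVEs present on endpoints, ordered for patching.

    Tier 0: observed exploited; tier 1: EPSS percentile at or above top_pct
    (the report's top-1% band); tier 2: everything else. Within a tier,
    higher EPSS percentile comes first.
    """
    def tier(v):
        if v.exploited:
            return 0
        return 1 if v.epss_pct >= top_pct else 2

    present = [v for v in vulns if v.on_endpoints]
    return [v.cve for v in sorted(present, key=lambda v: (tier(v), -v.epss_pct))]


if __name__ == "__main__":
    print(f"red zone: {red_zone(INVENTORY):.1%}")
    print("patch order:", patch_order(INVENTORY))
```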
Almost a third of APT groups were active in the first half of 2023: for the first time in the history of the Global Threat Landscape Report, FortiGuard Labs tracked the number of threat actors behind the trends. According to the report, 41 of the 138 (30%) cyber threat groups that MITRE tracks were active in the first half of 2023. Based on malware detections, Turla, StrongPity, Winnti, OceanLotus, and WildNeutron were the most active of these. Given the targeted nature and relatively short-lived activity of APTs and nation-state cyber groups compared to the long-running campaigns of cybercriminals, the evolution and volume of activity in this area will be something to watch in future reports.
A five-year comparison reveals an explosive growth in unique exploits, malware variants, and botnet persistence.
- Unique exploits increase: In the first half of 2023, FortiGuard Labs detected over 10,000 unique exploits, a 68% increase from five years ago. The spike in unique exploit detections highlights the sheer volume of malicious attacks security teams must be aware of and how they have proliferated and diversified in a relatively short period of time. The report also showed a more than 75% decrease in exploit attempts per organization over the five-year period and a 10% decrease in critical exploits, suggesting that while attackers' exploit toolkits are growing, attacks are much more targeted than they were five years ago.
- Malware families and variants grew by 135% and 175%, respectively: Beyond the massive increase in malware families and variants, another notable finding is that the number of malware families that propagated to at least 10% of organizations globally (a prevalence threshold) has doubled in the last five years. This increase in malware volume and prevalence can be attributed to the growing activity and diversification of attacks by cybercriminal and APT groups in recent years. A key focus of the previous Global Threat Landscape Report was the surge in wiper malware, primarily related to the conflict between Russia and Ukraine. That increase continued through 2022 but slowed in the first half of 2023. FortiGuard Labs continues to observe the use of wipers by nation-state actors, while the adoption of this type of malware by cybercriminals continues to increase, targeting organizations in the technology, manufacturing, government, telecommunications and medical sectors.
- Botnets stay in networks longer than ever: The report finds increased botnet activity (+27%) and higher prevalence among organizations (+126%) over the past five years, but one of the more striking findings is the exponential growth in how long botnets persist. FortiGuard Labs defines a botnet's total "active days" as the time from the first hit to the last hit of a given botnet's attempts on a sensor. In the first six months of 2023, the average time before a botnet ceased command and control (C2) communication was 83 days, an increase of more than 1,000 times from five years ago. This is another example of why fast response times matter: the longer an organization leaves a botnet unattended, the greater the damage and risk to the business.
Stopping cybercrime requires a holistic approach
FortiGuard Labs' contributions to the threat intelligence community over the past decade have had a significant impact around the world, helping to better protect customers, partners and governments in the fight against cybercrime. By breaking down silos and increasing the quality of actionable threat intelligence, organizations can reduce risk and increase effectiveness across the cybersecurity industry. Cyber defenders now have access to the tools, knowledge and support to start changing the economics for malicious actors. Still, it is an industry-wide commitment to collaboration and intelligence sharing that will ultimately create a larger disruptive ecosystem and allow the industry to gain an edge against cyber attackers.
Fortinet is a leader in enterprise-class cybersecurity and networking innovation, helping to secure more than half a million organizations around the world, including global enterprises, service providers and government agencies. Notably, Fortinet continues to develop artificial intelligence (AI) applied to cybersecurity use cases, in both FortiGuard Labs and its product portfolio, to prevent, detect and respond to known and unknown threats and to expedite response.
Specifically, FortiGuard AI-powered security services are leveraged by security controls deployed across endpoints and applications through both network and cloud infrastructure. Dedicated detection and response technologies that leverage AI engines and cloud analytics (including EDR, NDR, etc.) can also be deployed as integrated extensions of such controls. Fortinet also offers central response tools such as XDR, SIEM, SOAR and DRPS that leverage a variety of AI, automation and orchestration to speed remediation. All of these can significantly hinder cybercrime across the attack surface and along the cyberattack kill chain.