By Nick Alevetsovitis
The semiannual FortiGuard Labs Global Threat Landscape Report is out, and the news isn’t great for defenders. Among the plethora of risks facing organizations, ransomware variants almost doubled in the last six months alone. As networks continue to expand, so do opportunities to exploit them, increasing the need for artificial intelligence (AI) and machine learning (ML) tools to bolster security efforts.
The report reviewed the cyber threat landscape over the first half of 2022 using data from Fortinet’s global array of sensors, monitored by FortiGuard Labs. The report indicates that cybercriminals and their attacks continue to be more plentiful, destructive, and technologically sophisticated.
What We Learned
Ransomware continues to be a top threat, with a dramatic increase in the number of variants moving across the globe. FortiGuard Labs saw 10,666 ransomware variants in a six-month period, almost double what was uncovered for the six months prior.
This increase is driven by ransomware’s success and the emergence of Ransomware-as-a-Service (RaaS). Developers now offer subscription model services on the dark web for plug-and-play ransomware, meaning novice cybercriminals can now participate, increasing the number of bad actors and threats organizations must face.
The potential for damage is also growing. FortiGuard Labs noted the spread of wiper malware as part of these RaaS toolkits, which destroys data by wiping databases clean. Analysis of wiper malware shows that adversaries use it not just for the payout but also to support objectives such as sabotage, destruction of evidence, and cyberwar. Geopolitical aggressions like the war in Ukraine are also a factor: FortiGuard Labs identified at least seven major new wiper variants since the beginning of 2022 that targeted government, military, and private organizations to disrupt critical infrastructure and services. These wiper variants are also being traced to an expanded list of countries in Western Europe, beyond the previous concentration in Ukraine.
Adversaries also continue to invest in new and more sophisticated attack techniques. They are patient, using reconnaissance to access systems with the goal of lateral movement to get deeper into corporate networks over time. In addition, they are adopting defense evasion techniques by masking or hiding within the system. Defense evasion was among malware developers’ top tactics (59.2%). Both reconnaissance and evasion techniques enable bad actors to increase precision and destructive capabilities across the cyber-attack chain.
What’s Driving the Increase
The expanding nature of today’s networks is fueling the growth in potential attacks, as are hybrid work models, which have increased the number of work-from-anywhere (WFA) endpoints. Coupled with the proliferation of Internet of Things (IoT) devices, the attack surface is significantly wider than ever before.
Adversaries are also increasingly targeting operational technology (OT) networks along with traditional information technology (IT) systems. As OT networks shift from air-gapped environments to connect with IT networks, they risk exploitation by adversaries seeking to disrupt the services people, industries, and communities rely on.
Lastly, old vulnerabilities continue to be exploited.
What Can Organizations Do?
With the ongoing and rapid rise in threats, most organizations will find it hard to keep pace with limited security resources. Quickly detecting and comparing data from the endpoint, cloud, and network is critical to thwarting attacks. Organizations should consider adopting AI and ML-powered prevention, detection, and response strategies to keep up with the volume, sophistication, and speed of today’s cyber threats. When integrated within a cybersecurity mesh architecture, these tools enable organizations to benefit from increased automation and timely and coordinated responses to cyber threats.
It is also important that organizations continue to practice good digital hygiene through regular threat assessments and diligent patching. Cybersecurity awareness training can help employees identify social engineering techniques designed to infiltrate systems. Further, organizations can ensure they control access to networks, devices, and applications with a zero-trust approach and endpoint security. Should an adversary gain access, granular segmentation can prevent lateral movement and secondary downloads.
Finally, as the Global Threat Landscape Report demonstrates, access to actionable threat intelligence can be a game changer for organizations. When information about attack techniques is shared, organizations can use that intelligence to adapt and react quickly. After all, in the face of global cyber threats, all defenders are on the same team.
Nick Alevetsovitis is Vice President, Canada Enterprise and Commercial Business at Fortinet