By Derek Manky
It’s no surprise that overall cybersecurity attacks have increased in recent years, but this has only accelerated since the rapid shift to remote and hybrid work in 2020. This acceleration has continued, with new threats rapidly cropping up around the world. In the first half of 2022, FortiGuard Labs observed an overall increase in attack frequency, paired with the explosive growth of new variants associated with familiar tactics. While attack volume isn’t showing any signs of slowing, the back half of the year gave rise to some other distinct trends in activity.
The 2H 2022 Threat Landscape Report from the FortiGuard Labs team draws on the information on billions of threat events gleaned from a global array of sensors to uncover emerging trends and offers insights to help security professionals meet the challenge of today’s threat landscape.
Ransomware is in full force
Ransomware continues to be a lucrative tactic, and cybercriminals have taken notice. Bad actors continue to turn out new variants and feed the new Ransomware-as-a-Service (RaaS) network, which has only become more effective. In the second half of 2022, five ransomware “families” accounted for almost 40 per cent of all ransomware, and GandCrab, introduced in 2018, was one of the top variants.
Recently, the threat actors behind GandCrab announced their retirement, but there may still be a long tail of variants coming from this operation in the coming months and years.
More damage, more often
As predicted, the resurgence in wiper malware deepened through the second half of 2022. While wiper malware was initially associated with nation-state actors—particularly in the context of the Russia-Ukraine conflict—the researchers report seeing wipers scaled and deployed globally. As a result, they saw a 53 per cent increase in wiper activity through the end of 2022.
These new strains are being utilized by cybercriminals and offered for sale as part of the growing Cybercrime-as-a-Service (CaaS) network. This commodification of wiper malware increases the threat facing organizations and countries.
Working smarter, not harder
With the growth of CaaS, what’s old is becoming new again. Cybercriminals “work smarter, not harder” by upgrading well-known botnets like Mirai and Gh0st RAT to create more sophisticated ways to infiltrate networks. In the second half of 2022, we saw a spike in the use of familiar botnets and malware variants. Of the top five botnets by prevalence, only one is from the current decade. The same trend holds for malware: some of the top strains observed originated in 2010.
It’s a profitable approach that maximizes existing investments and knowledge. Reusing botnet and malware code is efficient and cost-effective, and it allows fine-tuning to better evade detection. This trend underscores the need for comprehensive, integrated security services with AI- and machine learning-powered detection and response, so that security teams have the tools to counter threats quickly and efficiently.
The most common malware delivery approach seen in the second half of 2022 was the drive-by compromise. In this approach, attackers gain access to systems by getting victims to download malicious code while they are browsing online.
Protecting against this type of attack requires attention to good cyber-hygiene, including regular software patching, the adoption of intrusion prevention system (IPS) technology and investment in ongoing cyber-awareness training programs for employees.
Lessons learned, action to take
While awareness of cyberattacks is growing – and offerings like ransomware insurance are becoming commonplace – there is still much to be done to protect organizations from the growing cottage industry of CaaS. Bad actors are motivated by profit, finding ways to reinvest in existing assets to improve, refine and refresh approaches that work. Regularly monitoring and understanding new trends can help organizations proactively prepare for what’s on the horizon.
Learnings from the research done over the last half of 2022 show that older threats can’t be discounted, and that a comprehensive view of how the threat landscape is evolving is required to adequately defend against it.
Organizations can strengthen their security stance by consolidating their security technology to a few trusted vendors to reduce complexity and increase visibility. Security teams can also look at bolstering their bench strength with a trusted third party that offers real-time threat intelligence and can provide incident response and readiness activities, from developing cyberattack playbooks to conducting tabletop exercises, to ensure organizations are prepared for any incident. By being proactive in selecting vendors and solutions, organizations can stop adversaries as early as possible in the attack cycle and significantly lower the impact of a breach.
Derek Manky is Chief Security Strategist & VP Global Threat Intelligence at Fortinet’s FortiGuard Labs.