FortiGuard Labs: Organizations Detecting Ransomware Decline as the Volume and Impact of Targeted Attacks Continue to Rise

SUNNYVALE, Calif., Aug. 07, 2023 (GLOBE NEWSWIRE) --

Derek Manky, Chief Security Strategist & Global VP Threat Intelligence, FortiGuard Labs
“Disrupting cybercrime is a global effort that comprises strong, trusted relationships and collaboration across public and private sectors, as well as investing in AI-powered security services that can help overwhelmed security teams coordinate actionable threat intelligence in real time across their organization. Security teams cannot afford to sit idle with targeted threats at an all-time high. Fortinet’s FortiGuard Labs continues to provide innovative and actionable intelligence, like the Red Zone and new Exploit Prediction Scoring System analysis, to help security teams proactively prioritize patching efforts and respond to threats faster than ever.”

News Summary:
Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the latest semiannual Global Threat Landscape Report from FortiGuard Labs. In the first half of 2023, FortiGuard Labs observed a decline in organizations detecting ransomware, significant activity among advanced persistent threat (APT) groups, a shift in MITRE ATT&CK techniques used by attackers, and much more. In addition to the highlights below, readers can find the full analysis by reading the 1H 2023 Global Threat Landscape Report.

While organizations continue to find themselves in a reactive position due to the growing sophistication of malicious actors and the escalation of targeted attacks, ongoing analysis of the threat landscape in the 1H 2023 Global Threat Landscape Report helps provide valuable intelligence that can serve as an early warning system of potential threat activity and help security leaders prioritize their security strategy and patching efforts. Highlights of the report follow:

Organizations Detecting Ransomware Are on the Decline: FortiGuard Labs has documented substantial spikes in ransomware variant growth in recent years, largely fueled by the adoption of Ransomware-as-a-Service (RaaS). However, FortiGuard Labs found that fewer organizations detected ransomware in the first half of 2023 (13%) compared to this time five years ago (22%). Despite the overall decline, organizations must keep their guard up. This supports the trend that FortiGuard Labs has seen over the last couple of years, that ransomware and other attacks are becoming increasingly more targeted thanks to the growing sophistication of attackers and the desire to increase the return on investment (ROI) per attack. Research also found that the volume of ransomware detections continues to be volatile, closing 1H 2023 13x higher than the end of 2022 but still on a downward trend overall when comparing year-over-year.

Malicious Actors Are 327x More Likely to Attack Top EPSS Vulnerabilities within Seven Days Compared to All Other CVEs: Since its inception, Fortinet has been a core contributor of exploitation activity data in support of the Exploit Prediction Scoring System (EPSS). This project aims to leverage a myriad of data sources to predict the likelihood and when a vulnerability will be exploited in the wild. FortiGuard Labs analyzed six years of data spanning more than 11,000 published vulnerabilities that detected exploitation and found that the Common Vulnerabilities and Exposures (CVEs) categorized with a high EPSS score (top 1% severity) are 327x more likely to be exploited within seven days than any other vulnerability. This first-of-its-kind analysis can serve as the canary in the coal mine, giving CISOs and security teams an early indication of targeted attacks against their organizations. Like the Red Zone, introduced in the last Threat Landscape Report, this intelligence can help security teams systematically prioritize patching efforts to minimize their organizations’ risk.

The Red Zone Continues to Help CISOs Prioritize Patching Efforts: The analysis by FortiGuard Labs around EPSS exploitation in the wild expands upon the efforts to define the Red Zone, which helps quantify the proportion of available vulnerabilities on endpoints that are being actively attacked. In the second half of 2022, the Red Zone was around 8.9%, meaning that about 1,500 CVEs of the more than 16,500 known CVEs were observed under attack. In the first half of 2023, that number dropped slightly to 8.3%. The delta between the 2H 2022 and 1H 2023 is minimal and would seem to be the sweet spot for malicious actors targeting vulnerabilities on endpoints. Still, it is important to note that the number of vulnerabilities discovered, present, and exploited constantly fluctuates. These variables and the effectiveness of an organization’s patch management strategy could dramatically decrease its Red Zone surface. Like the EPSS analysis above, FortiGuard Labs continues to invest in more effective ways to help organizations prioritize and more quickly close vulnerabilities.

Nearly One-Third of APT Groups Were Active in 1H 2023: For the first time in the history of the Global Threat Landscape Report, FortiGuard Labs tracked the number of threat actors behind the trends. Research revealed that 41 (30%) of the 138 cyberthreat groups MITRE tracks were active in the 1H 2023. Of those, Turla, StrongPity, Winnti, OceanLotus, and WildNeutron were the most active based on malware detections. Given the targeted nature and relatively short-lived campaigns of APT and nation-state cyber groups compared to the long life and drawn-out campaigns of cybercriminals, the evolution and volume of activity in this area will be something to look forward to in future reports.

Five-Year Comparison Reveals Explosion in Unique Exploits, Malware Variants and Botnet Persistence:

  • Unique Exploits on the Rise: In 1H 2023, FortiGuard Labs detected more than 10,000 unique exploits, up 68% from five years ago. The spike in unique exploit detections highlights the sheer volume of malicious attacks security teams must be aware of and how attacks have multiplied and diversified in a relatively short amount of time. The report also shows over a 75% drop in exploitation attempts per organization over a five-year window and a 10% dip in severe exploits, suggesting that while malicious actor exploit toolkits have grown, the attacks are much more targeted than five years ago.
  • Malware Families and Variants Exploded, Up 135% and 175% Respectively: In addition to the significant uptick in malware families and variants, another surprising finding is that the number of malware families that propagate to at least 10% of global organizations (a notable prevalence threshold) has doubled over the last five years. This escalation in malware volume and prevalence can be attributed to more cybercriminal and APT groups expanding operations and diversifying their attacks in recent years. A significant focus of the last Global Threat Landscape report was the surge in wiper malware largely tied to the Russian-Ukraine conflict. That increase persisted throughout 2022 but slowed over the first half of 2023. FortiGuard Labs continues to observe wipers being used by nation-state actors, although the adoption of this type of malware by cybercriminals continues to grow as they target organizations in technology, manufacturing, government, telecommunications, and healthcare sectors. 
  • Botnets Lingering in Networks Longer Than Ever: While the report finds more active botnets (+27%) and a higher incidence rate among organizations over the last half-decade (+126%), one of the more shocking findings is the exponential increase in the total number of “active days”, which FortiGuard Labs defines as the amount of time that transpires between the first hit of a given botnet attempt on a sensor and the last. Over the first six months of 2023, the average time botnets lingered before command and control (C2) communications ceased was 83 days, representing over a 1,000x increase from five years ago. This is another example where reducing the response time is critical because the longer organizations allow botnets to linger, the greater the damage and risk to their business.

Disrupting Cybercrime Requires an All-in Approach

FortiGuard Labs’ contributions to the threat intelligence community over the last decade have made significant impacts around the globe, helping to improve protections for customers, partners, and governments in their fight against cybercrime. Breaking down silos and increasing the quality of actionable threat intelligence helps organizations reduce risk and enhances the overall effectiveness of the cybersecurity industry. Cyber defenders today currently possess access to the tools, knowledge, and support to begin altering the economics of malicious actors. Still, it’s an industrywide commitment to collaboration and intelligence sharing that will ultimately create a larger ecosystem of disruption and allow the industry to gain the upper hand against cyber adversaries.

As a leader in enterprise-class cybersecurity and networking innovation, Fortinet helps secure over half a million organizations worldwide, including global enterprises, service providers, and government organizations. Of note, Fortinet’s ongoing development of artificial intelligence (AI) applied to cybersecurity uses cases, in both our FortiGuard Labs and product portfolio, is speeding the prevention, detection, and response to known and unknown threats.

Specifically, FortiGuard AI-Powered Security Services are utilized by security controls deployed across endpoints and applications through both network and cloud infrastructure. Purpose-built detection and response technologies that leverage AI engines and cloud analytics (including EDR, NDR, and others) can also be deployed as integrated extensions of such controls. Fortinet also offers centralized response tools, such as XDR, SIEM, SOAR, DRPS, and more, that leverage different AI, automation, and orchestration to speed remediation. These can all significantly disrupt cybercrime across the entire attack surface and along the cyberattack kill chain.

Report Overview 
This latest Global Threat Landscape Report is a view representing the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors collecting billions of threat events observed around the world during the first half of 2023. Using the MITRE ATT&CK framework, which classifies adversary tactics, techniques, and procedures, the FortiGuard Labs Global Threat Landscape Report describes how threat actors target vulnerabilities, build malicious infrastructure, and exploit their targets.

Meet with Fortinet at Black Hat USA
Meet Fortinet’s team of experts at booth #1240. A wide range of products, services, and threat intelligence and response solutions will be on display for attendees. Read the blog for more information.

Additional Resources

  • Read the blog for valuable takeaways from this research, or access the full report.
  • Learn more about FortiGuard Labs threat intelligence and research and Outbreak Alerts, which provide timely steps to mitigate breaking cybersecurity attacks.
  • Learn more about Fortinet’s FortiGuard Security Services portfolio.
  • Learn more about Fortinet’s free cybersecurity training, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs.
  • Read about how Fortinet customers are securing their organizations.
  • Follow Fortinet on TwitterLinkedInFacebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.

About FortiGuard Labs
FortiGuard Labs is the threat intelligence and research organization at Fortinet. Its mission is to provide Fortinet customers with the industry’s best threat intelligence designed to protect them from malicious activity and sophisticated cyberattacks. It is composed of some of the industry’s most knowledgeable threat hunters, researchers, analysts, engineers, and data scientists in the industry, working in dedicated threat research labs all around the world. FortiGuard Labs continuously monitors the worldwide attack surface using millions of network sensors and hundreds of intelligence-sharing partners. It analyzes and processes this information using AI and other innovative technology to mine that data for new threats. These efforts result in timely, actionable threat intelligence in the form of Fortinet security product updates, proactive threat research to help our customers better understand the threats and actors they face, and threat intelligence to help our customers better understand and defend their threat landscape. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.

About Fortinet
Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.

FTNT-O
Copyright © 2023 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiConnect, FortiController, FortiConverter, FortiCWP, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiEdge, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFone, FortiGSLB, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMoM, FortiMonitor, FortiNAC, FortiNDR, FortiPenTest, FortiPhish, FortiPlanner, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM and FortiXDR. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.

Media Contact:Investor Contact:Analyst Contact:
   
Travis Anderson
Peter SalkowskiBrian Greenberg
Fortinet, Inc.Fortinet, Inc.Fortinet, Inc.
408-235-7700408-331-4595408-235-7700
pr@fortinet.compsalkowski@fortinet.comanalystrelations@fortinet.com


FortiGuard Labs: Organizations Detecting Ransomware Decline as the Volume and Impact of Targeted Attacks Continue to Rise

THỦ THUẬT HAY

Cách sửa lỗi Outlook There is no email program associated Windows 10

Trong quá trình sử dụng Outlook trên Windows 10, việc gặp phải mỗi số lỗi sẽ thường xuyên xảy ra, trong đó có There is no email program associated to perform the requested action.

Emerald Launcher - Trình khởi chạy siêu nhẹ dành cho những thiết bị Android cấu hình thấp

Cụ thể hơn, Emerald Launcher là trình khởi chạy siêu nhẹ được xây dựng dựa trên một mã nguồn mở từ lập trình viên Henri Dellal

Tạo Windows portable trên Windows 10, Windows 8.1 Enterprise không cần phần mềm

Tạo Windows portable trên USB hay cài Win trên USB để có thể sử dụng bản Windows bạn thích trên bất kỳ máy tính nào, chỉ cần cắm USB chứa bản Windows portable vào và chọn boot từ USB là xong.

Ứng dụng phân biệt các thuê bao nội mạng ngoại mạng khi chuyển mạng giữ số

Điều thắc mắc của đa phần khách hàng khi sử dụng dịch vụ chuyển mạng giữ số chính là làm sao phân biệt được số di động trong danh bạ của mình đang dùng mạng nào. Tuy nhiên, bây giờ người dùng di động có thể tra cứu nhà

18 thủ thuật giúp bạn làm chủ Google Photos

Google Photos có thể giống như một dịch vụ lưu trữ hình ảnh đơn giản, nhưng nó thực sự khá mạnh mẽ. Google Photos làm giảm khoảng cách giữa lưu trữ đám mây, lưu trữ hình ảnh và chia sẻ hình ảnh, tạo sự cạnh tranh gay

ĐÁNH GIÁ NHANH

Đánh giá Honda CBR650F 2018 - Mô-tô tầm trung gây sốt trên toàn thế giới

Xuất hiện lần đầu tiên trên thế giới vào năm 1991, CBR600F sau đó đã được thay thế bằng mẫu CBR600F2, huyền thoại này được đánh giá là một trong những chiếc xe máy tốt nhất mọi thời đại.

Đánh giá chi tiết màn hình ViewSonic XG2402 dành cho game thủ

Với sự phát triển bùng nổ và nhu cầu sử dụng màn hình có tốc độ quét cao của game thủ từ nghiệp dư đến chuyên nghiệp thì nhiều hãng làm màn hình LCD truyền thống cũng đã bắt đầu phát triển những dòng sản phẩm dành

Đánh giá chi tiết Galaxy S9: Đáng để nâng cấp

Đồng ý với tư tưởng đó, Galaxy S9 là chiếc điện thoại mà mình thật sự hài lòng. Vẫn còn có những thứ màu mè, những tính năng trang bị cho có mà ít khi dùng, nhưng tất cả những tính năng cơ bản nhất của S9 lại được thay