FortiGuard Labs Reports Ransomware Variants Almost Double in Six
Months
Derek Manky, Chief Security Strategist & VP Global
Threat Intelligence, FortiGuard Labs: “Cyber adversaries are
advancing their playbooks to thwart defense and scale their
criminal affiliate networks. They are using aggressive execution
strategies such as extortion or wiping data as well as focusing on
reconnaissance tactics pre-attack to ensure better return on threat
investment. To combat advanced and sophisticated attacks,
organizations need integrated security solutions that can ingest
real-time threat intelligence, detect threat patterns, and
correlate massive amounts of data to detect anomalies and
automatically initiate a coordinated response across hybrid
networks.”
News Summary: Fortinet® (NASDAQ: FTNT), a
global leader in broad, integrated, and automated cybersecurity
solutions, today announced the latest semiannual FortiGuard Labs
Global Threat Landscape Report. For a detailed view of the report,
as well as some important takeaways, read the blog. Highlights of
the 1H 2022 report follow:
- The ransomware threat continues to adapt with more variants
enabled by Ransomware-as-a-Service (RaaS).
- Work-from-anywhere (WFA) endpoints remain targets for cyber
adversaries to gain access to corporate networks. Operational
technology (OT) and information technology (IT) environments are
both attractive targets as cyber adversaries search for
opportunities in the growing attack surface and IT/OT
convergence.
- Destructive threat trends continue to evolve, as evidenced by
the spread of wiper malware as part of adversary toolkits.
- Cyber adversaries are embracing more reconnaissance and defense
evasion techniques to increase precision and destructive
weaponization across the cyber-attack chain.
Ransomware Variant Growth Shows Evolution of Crime
Ecosystems: Ransomware remains a top threat and cyber
adversaries continue to invest significant resources into new
attack techniques. In the past six months, FortiGuard Labs has seen
a total of 10,666 ransomware variants, compared to just 5,400 in
the previous six-month period. That is nearly 100% growth in
ransomware variants in half a year. RaaS, with its popularity on
the dark web, continues to fuel an industry of criminals forcing
organizations to consider ransomware settlements. To protect
against ransomware, organizations, regardless of industry or size,
need a proactive approach. Real-time visibility, protection, and
remediation coupled with zero-trust network access (ZTNA) and
advanced endpoint detection and response (EDR) are critical.
Graph of weekly ransomware volume over the last 12 months: https://www.globenewswire.com/NewsRoom/AttachmentNg/f90c8d79-5679-40e4-a08f-bb3660ee4afd
Exploit Trends Show OT and the Endpoint Are Still
Irresistible Targets: The digital convergence of IT and OT
and the endpoints enabling WFA remain key vectors of attack as
adversaries continue to target the growing attack surface. Many
exploits of vulnerabilities at the endpoint
involve unauthorized users gaining access to a system with a
goal of lateral movement to get deeper into corporate networks. For
example, a spoofing vulnerability (CVE-2022-26925) placed high in
volume, as did a remote code execution (RCE) vulnerability
(CVE-2022-26937). Also, analyzing endpoint vulnerabilities by volume and
detections reveals the relentless path of cyber adversaries
attempting to gain access by maximizing both old and new
vulnerabilities. In addition, when looking specifically at OT
vulnerability trends, the sector was not spared. A wide range of
devices and platforms experienced in-the-wild exploits,
demonstrating the cybersecurity reality of increased IT and OT
convergence and the disruptive goals of adversaries. Advanced
endpoint technology can help mitigate and effectively remediate
infected devices at an early stage of an attack. In addition,
services such as a digital risk protection service (DRPS) can be
used to do external surface threat assessments, find and remediate
security issues, and help gain contextual insights on current and
imminent threats.
Destructive Threat Trends Continue With Wipers
Widening: Wiper malware trends reveal a disturbing
evolution of more destructive and sophisticated attack techniques
continuing with malicious software that destroys data by wiping it
clean. The war in Ukraine fueled a substantial increase in disk
wiping malware among threat actors primarily targeting critical
infrastructure. FortiGuard Labs identified at least seven major new
wiper variants in the first six months of 2022 that were used in
various campaigns against government, military, and private
organizations. This number is significant because it is close to
the number of wiper variants that have been publicly detected since
2012. Additionally, the wipers did not stay in one geographical
location but were detected in 24 countries besides Ukraine. To
minimize the impact of wiper attacks, network detection and
response (NDR) with self-learning artificial intelligence (AI) is
helpful to better detect intrusions. Also, backups must be stored
off-site and offline.
Defense Evasion Remains Top Attack Tactic
Globally: Examining adversarial strategies reveals
takeaways about how attack techniques and tactics are evolving.
FortiGuard Labs analyzed the functionality of detected malware to
track the most prevalent approaches over the last six months. Among
the top eight tactics and techniques focused on the endpoint,
defense evasion was the most employed tactic by malware developers.
They often do so through system binary proxy execution. Hiding
malicious intent is a priority for adversaries, so they attempt to
evade defenses by masking their activity: commands are hidden behind a
trusted process carrying a legitimate certificate, which then executes
on the adversary's behalf. The second most popular technique was
process injection, in which criminals inject code into the address
space of another process to evade defenses and improve stealth.
Armed with this actionable intelligence, organizations will be better
positioned to defend against the broad toolkits of adversaries.
Integrated, AI and ML-driven cybersecurity platforms with advanced
detection and response capabilities powered by actionable threat
intelligence are important to protect across all edges of hybrid
networks.
Graph of top malware tactics and techniques (endpoint): https://www.globenewswire.com/NewsRoom/AttachmentNg/b4801331-9308-4dfc-bf88-98a3a181c7ad
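As an added illustration (not code from the report or from Fortinet), the following Python flags the two endpoint defense-evasion techniques named above, system binary proxy execution and process injection, in constructed endpoint telemetry. The event field names, the binary list, the access-mask logic and the sample events are assumptions made for the example.

```python
# Added example, not from the FortiGuard Labs report: flag system binary proxy
# execution and process injection in constructed telemetry. Field names assumed.
import re

# Signed Windows utilities commonly used to proxy execution of other content
# (MITRE ATT&CK T1218). The signal is a URL, UNC path, script file or
# user-writable directory on their command line, not the binary itself.
PROXY_BINARIES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "msiexec.exe"}
SUSPICIOUS_ARG = re.compile(
    r"https?://|\\\\|\.(?:hta|js|vbs|sct)\b|\\(?:users|temp|appdata)\\",
    re.IGNORECASE,
)
# Windows PROCESS_* access rights that together let one process write code
# into another and start a thread there (the T1055 injection pattern).
PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_WRITE = 0x2, 0x8, 0x20
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

def check_process_create(ev: dict) -> "str | None":
    """Process-creation event -> finding label, or None if it looks benign."""
    name = ev["image"].rsplit("\\", 1)[-1].lower()
    if name in PROXY_BINARIES and SUSPICIOUS_ARG.search(ev["cmdline"]):
        return f"T1218 proxy execution via {name}"
    return None

def check_process_access(ev: dict) -> "str | None":
    """Cross-process handle event -> finding label, or None if benign."""
    src = ev["source_image"].rsplit("\\", 1)[-1].lower()
    tgt = ev["target_image"].rsplit("\\", 1)[-1].lower()
    if src != tgt and (ev["granted_access"] & INJECT_MASK) == INJECT_MASK:
        return f"T1055 injection-capable handle: {src} -> {tgt}"
    return None

def scan(events: list) -> list:
    checks = {"create": check_process_create, "access": check_process_access}
    return [hit for ev in events if (hit := checks[ev["type"]](ev))]

# Constructed sample telemetry (not real logs); paths and names are made up.
SAMPLE = [
    {"type": "create", "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\bob\AppData\Local\Temp\x.dll,Run"},
    {"type": "create", "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"},
    {"type": "create", "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe http://example.invalid/a.hta"},
    {"type": "access", "source_image": r"C:\Users\bob\Downloads\tool.exe",
     "target_image": r"C:\Windows\explorer.exe", "granted_access": 0x1F0FFF},
    {"type": "access", "source_image": r"C:\Windows\System32\svchost.exe",
     "target_image": r"C:\Windows\System32\svchost.exe", "granted_access": 0x1000},
]
```

Running `scan(SAMPLE)` yields three findings: the two proxy-execution events and the injection-capable handle, while the benign rundll32 control-panel launch and the limited-rights svchost handle are ignored.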
AI-powered Security Across the Extended Attack
Surface: When organizations gain a deeper understanding of
the goals and tactics used by adversaries through actionable threat
intelligence, they can better align defenses to adapt and react to
quickly changing attack techniques proactively. Threat insights are
critical to help prioritize patching strategies to better secure
environments. Cybersecurity awareness and training are also
important as the threat landscape changes to keep employees and
security teams up-to-date. Organizations need security operations
that can function at machine speed to keep up with the volume,
sophistication, and rate of today’s cyber threats. AI and
ML-powered prevention, detection, and response strategies based on
a cybersecurity mesh architecture allow for much tighter
integration, increased automation, as well as a more rapid,
coordinated, and effective response to threats across the extended
network.
Report Overview: This latest Global Threat
Landscape Report is a view representing the collective intelligence
of FortiGuard Labs, drawn from Fortinet’s vast array of sensors
collecting billions of threat events observed around the world
during the first half of 2022. Similar to how the MITRE ATT&CK
framework classifies adversary tactics and techniques, with the
first three groupings spanning reconnaissance, resource
development, and initial access, the FortiGuard Labs Global Threat
Landscape Report leverages this model to describe how threat actors
target vulnerabilities, build malicious infrastructure, and exploit
their targets. The report also covers global and regional
perspectives as well as threat trends affecting IT and OT.
Additional Resources
- Subscribe to our blog for valuable takeaways from this research
as the FortiGuard Labs team examines topics from the report in
upcoming weeks.
- Learn more about FortiGuard Labs threat intelligence and
research and Outbreak Alerts, which provide timely steps to
mitigate breaking cybersecurity attacks.
- Learn more about Fortinet’s FortiGuard Security Services
portfolio.
- Learn more about Fortinet’s free cybersecurity
training, which includes broad cyber awareness
and product training. As part of the Fortinet Training
Advancement Agenda (TAA), the Fortinet Training Institute also
provides training and certification through
the Network Security Expert (NSE) Certification, Academic
Partner, and Education Outreach programs.
- Read about how Fortinet customers are securing their
organizations.
- Engage in the Fortinet User Community (Fuse). Share ideas and
feedback, learn more about our products and technology, and connect
with peers.
- Follow Fortinet on Twitter, LinkedIn, Facebook,
and Instagram. Subscribe to Fortinet on our blog or
YouTube.
About FortiGuard Labs: FortiGuard Labs is the
threat intelligence and research organization at Fortinet. Its
mission is to provide Fortinet customers with the industry’s best
threat intelligence designed to protect them from malicious
activity and sophisticated cyberattacks. It is composed of some of
the industry’s most knowledgeable threat hunters, researchers,
analysts, engineers, and data scientists, working
in dedicated threat research labs all around the world. FortiGuard
Labs continuously monitors the worldwide attack surface using
millions of network sensors and hundreds of intelligence-sharing
partners. It analyzes and processes this information using AI and
other innovative technology to mine that data for new threats.
These efforts result in timely, actionable threat intelligence in
the form of Fortinet security product updates, proactive threat
research to help our customers better understand the threats and
actors they face, and threat intelligence to help our customers
better understand and defend their threat landscape. Learn more
at https://www.fortinet.com, the Fortinet Blog,
and FortiGuard Labs.
About Fortinet: Fortinet (NASDAQ: FTNT) makes
possible a digital world that we can always trust through its
mission to protect people, devices, and data everywhere. This
is why the world’s largest enterprises, service providers, and
government organizations choose Fortinet to securely accelerate
their digital journey. The Fortinet Security Fabric platform
delivers broad, integrated, and automated protections across the
entire digital attack surface, securing critical devices, data,
applications, and connections from the data center to the cloud to
the home office. Ranking #1 in the most security appliances shipped
worldwide, more than 595,000 customers trust Fortinet to protect
their businesses. And the Fortinet NSE Training Institute, an
initiative of Fortinet’s Training Advancement Agenda (TAA),
provides one of the largest and broadest training programs in the
industry to make cyber training and new career opportunities
available to everyone. Learn more at https://www.fortinet.com,
the Fortinet Blog, and FortiGuard Labs.
FTNT-O
Copyright © 2022 Fortinet, Inc. All rights reserved. The symbols
® and ™ denote respectively federally registered trademarks and
common law trademarks of Fortinet, Inc., its subsidiaries and
affiliates. Fortinet’s trademarks include, but are not limited to,
the following: Fortinet, the Fortinet logo, FortiGate, FortiOS,
FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC,
FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC,
FortiAI, FortiAIOps, FortiAntenna, FortiAP, FortiAPCam,
FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera,
FortiCarrier, FortiCASB, FortiCentral, FortiConnect,
FortiController, FortiConverter, FortiCWP, FortiDB, FortiDDoS,
FortiDeceptor, FortiDeploy, FortiDevSec, FortiEdge, FortiEDR,
FortiExplorer, FortiExtender, FortiFirewall, FortiFone, FortiGSLB,
FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink,
FortiMoM, FortiMonitor, FortiNAC, FortiNDR, FortiPenTest,
FortiPhish, FortiPlanner, FortiPolicy, FortiPortal, FortiPresence,
FortiProxy, FortiRecon, FortiRecorder, FortiSASE,
FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSwitch,
FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN,
FortiWeb, FortiWiFi, FortiWLC, FortiWLM and FortiXDR. Other
trademarks belong to their respective owners. Fortinet has not
independently verified statements or certifications herein
attributed to third parties and Fortinet does not independently
endorse such statements. Notwithstanding anything to the contrary
herein, nothing herein constitutes a warranty, guarantee, contract,
binding specification or other binding commitment by Fortinet or
any indication of intent related to a binding commitment, and
performance and other specification information herein may be
unique to certain environments.
Media Contact: John Welton, Fortinet, Inc., 408-235-7700, pr@fortinet.com
Investor Contact: Peter Salkowski, Fortinet, Inc., 408-331-4595, psalkowski@fortinet.com
Analyst Contact: Brian Greenberg, Fortinet, Inc., 408-235-7700, analystrelations@fortinet.com