Cybercriminals are becoming more efficient at exploiting vulnerabilities

Cybercriminals are increasingly targeting new vulnerabilities that stem from the growing number of connected devices and the vast array of online services available in the digital landscape. Fortinet's latest semiannual report covers the active threat landscape from July to December of 2023. The report highlights how quickly cyber attackers put newly identified exploits to use, and focuses on the surge in ransomware and wiper activity against the industrial and OT sector.

According to FortiGuard Labs’ analysis, attacks are initiated, on average, within 4.76 days after the public disclosure of new exploits. This acceleration in attack speed compared to the first half of 2023 underscores how important it is for vendors to prioritize internal vulnerability discovery and patch development to prevent exploitation. It also underlines the crucial role of vendors in transparently disclosing vulnerabilities to customers, enabling them to safeguard their assets against cyber threats.

Aside from identifying new vulnerabilities, organizations also need to be vigilant about older exploits. Fortinet telemetry revealed that 41% of organizations detected exploits from signatures less than a month old, while 98% detected N-Day vulnerabilities that have persisted for at least five years. The persistence of threats targeting vulnerabilities that are over 15 years old emphasizes the necessity for organizations to maintain robust security hygiene practices and promptly install patches and updates to fortify network security.

FortiGuard Labs found that less than 9% of all known endpoint vulnerabilities were actively targeted by attacks. This gives security teams a smaller active attack surface on which to concentrate their remediation efforts, and it shows the value of prioritizing within a vulnerability management strategy to safeguard critical endpoints.

Ransomware attacks have increasingly targeted crucial industries, with 44% of ransomware and wiper samples focusing on the industrial sector. The shift from widespread ransomware tactics to targeted attacks on sectors such as energy, healthcare, manufacturing, transportation, logistics, and automotive industries highlights the evolving strategies employed by cyber attackers to maximize impact.

Botnets have demonstrated remarkable resilience, with command and control communications continuing for an average of 85 days post-detection. While bot traffic remained steady, the emergence of new botnets like AndroxGh0st, Prometei, and DarkGate in the second half of 2023 underscores the evolving nature of threats in the cybersecurity landscape.

The report also delves into the activities of advanced persistent threat (APT) groups, with 38 out of the 143 groups listed by MITRE observed to be active during the latter half of 2023. Notable groups like Lazarus Group, Kimsuky, APT28, APT29, Andariel, and OilRig were among the most active threat actors during this period.

Furthermore, the report provides insights from FortiRecon on dark web activities, revealing discussions among threat actors targeting organizations primarily in the finance, business services, and education sectors. Over 3,000 data breaches were shared on dark web forums, with active discussions on vulnerabilities and the advertisement of over 850,000 payment cards for sale.

In conclusion, the evolving threat landscape outlined in the 2H 2023 Global Threat Landscape Report underscores the urgency for both vendors and customers to collaborate in fortifying cybersecurity defenses. Vendors must prioritize security in product development and transparently disclose vulnerabilities, while customers should maintain a rigorous patching regimen to mitigate exploitation risks in the ever-evolving digital ecosystem. Derek Manky, Chief Security Strategist and Global VP Threat Intelligence at FortiGuard Labs, emphasizes the critical role of proactive security measures in tackling cyber threats and safeguarding organizations against malicious attacks.
