Cyber threat actors continue using familiar tactics like ransomware and process injection, while the frequency of attacks and the number of new variants continue to grow, according to the new semiannual FortiGuard Labs Threat Landscape Report from Fortinet.
Ransomware Variants Evolving
Foremost among the findings, ransomware attacks continue to become more sophisticated and aggressive, with attackers introducing new strains and updating, enhancing and reusing old ones, Fortinet reports.
Fortinet found that the number of new ransomware variants it identified increased by nearly 100% in the first half of 2022, compared to the previous six-month period. In fact, the FortiGuard Labs team recorded 10,666 new ransomware variants, compared to just 5,400 in the second half of 2021.
Fortinet believes the explosive growth in ransomware can be mainly attributed to ransomware-as-a-service (RaaS) becoming increasingly popular on the dark web. Cybercriminals are using subscription-model services and purchasing plug-and-play ransomware to achieve a quick payday, Fortinet reports.
To protect against ransomware, Fortinet advises that organizations, regardless of industry or size, need a proactive approach. As such, real-time visibility, protection and remediation, coupled with zero-trust network access (ZTNA) and advanced endpoint detection and response (EDR), are critical components of end-to-end cybersecurity.
Cyberattack Targets Expanding
More findings from the FortiGuard report include:
- Work-from-anywhere (WFA) endpoints remain targets for cyberattackers to gain access to corporate networks. Operational technology (OT) and information technology (IT) environments are both attractive targets as cyber adversaries search for opportunities in the growing attack surface and IT/OT convergence.
- Destructive threat trends continue to evolve, as evidenced by the spread of wiper malware as part of adversary toolkits.
- Cyberattackers are embracing more reconnaissance and defense evasion techniques to increase precision and destructive weaponization across the cyberattack chain.
About the Fortinet Report
The FortiGuard Labs Threat Landscape Report is drawn from Fortinet’s array of sensors collecting billions of threat events observed around the world. The report leverages the MITRE ATT&CK framework to describe how threat actors find vulnerabilities, build malicious infrastructure and exploit their targets. The report also covers global and regional perspectives and threats against both IT and OT.
Derek Manky, chief security strategist and vice president of Global Threat Intelligence at FortiGuard Labs, explained the imperative around today’s cyber threat landscape:
“Cyber adversaries are advancing their playbooks to thwart defense and scale their criminal affiliate networks. They are using aggressive execution strategies, such as extortion or wiping data, as well as focusing on reconnaissance tactics pre-attack to ensure better return on threat investment. To combat advanced and sophisticated attacks, organizations need integrated security solutions that can ingest real-time threat intelligence, detect threat patterns, and correlate massive amounts of data to detect anomalies and automatically initiate a coordinated response across hybrid networks.”
Fortinet’s Engage partner program is specifically designed to help MSSPs and cloud service provider consumption models.