FortiGuard Labs Reports Destructive Wiper Malware Increases Over 50%
Fortinet (NASDAQ: FTNT) released its Global Threat Landscape Report, highlighting the increasing sophistication of cyber adversaries. The report reveals a 53% jump in wiper malware incidents between Q3 and Q4 2022, with ongoing ransomware threats peaking globally, particularly via Ransomware-as-a-Service (RaaS). Despite extensive cybersecurity efforts, vulnerabilities like Log4j persist, affecting 41% of organizations. Fortinet emphasizes the importance of machine learning in real-time threat intelligence to combat evolving threats. The report illustrates the need for prioritization in risk mitigation to safeguard against a widening attack surface.
- Global Threat Landscape Report indicates extensive threat intelligence from Fortinet.
- Machine learning-driven threat intelligence enhances real-time security response.
- Priority on risk mitigation efforts can minimize attack surfaces.
- 53% increase in wiper malware incidents from Q3 to Q4 2022 signals escalating threats.
- Ransomware threats remain at peak levels with no signs of slowing.
- Log4j vulnerability still active in 41% of organizations, indicating patching issues.
Adversarial Supply Chains Strengthen in Complexity and Sophistication to Counter Evolving Defenses
SUNNYVALE, Calif., Feb. 22, 2023 (GLOBE NEWSWIRE) --
Derek Manky, Chief Security Strategist & Global VP Threat Intelligence, FortiGuard Labs
“For cyber adversaries, maintaining access and evading detection is no small feat as cyber defenses continue to advance to protect organizations today. To counter, adversaries are augmenting with more reconnaissance techniques and deploying more sophisticated attack alternatives to enable their destructive attempts with APT-like threat methods such as wiper malware or other advanced payloads. To protect against these advanced persistent cybercrime tactics, organizations need to focus on enabling machine learning–driven coordinated and actionable threat intelligence in real time across all security devices to detect suspicious actions and initiate coordinated mitigation across the extended attack surface.”
News Summary:
Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the latest semiannual Global Threat Landscape Report from FortiGuard Labs. The threat landscape and organizations’ attack surface are constantly transforming, and cybercriminals’ ability to design and adapt their techniques to suit this evolving environment continues to pose significant risk to businesses of all sizes, regardless of industry or geography. For a detailed view of the report, as well as some important takeaways, read the blog.
Highlights of the 2H 2022 report follow:
- The mass distribution of wiper malware continues to showcase the destructive evolution of cyberattacks.
- New intelligence allows CISOs to prioritize risk mitigation efforts and minimize the active attack surface with the expansion of the “Red Zone” approach.
- Ransomware threats remain at peak levels with no evidence of slowing down globally with new variants enabled by Ransomware-as-a-Service (RaaS).
- The most prevalent malware was more than a year old and had gone through a large amount of speciation, highlighting the efficacy and economics of reusing and recycling code.
- Log4j continues to impact organizations in all regions and industries, most notably across technology, government, and education.
Destructive APT-like Wiper Malware Spreads Wide in 2022
Analyzing wiper malware data reveals a trend of cyber adversaries consistently using destructive attack techniques against their targets. It also shows that with the lack of borders on the internet, cyber adversaries can easily scale these types of attacks, which have been largely enabled by the Cybercrime-as-a-Service (CaaS) model.
In early 2022, FortiGuard Labs reported the presence of several new wipers in parallel with the Russia-Ukraine war. Later in the year, wiper malware expanded into other countries, fueling a
Mapping CVEs Reveals Vulnerability Red Zone to Help CISOs Prioritize
Exploit trends help show what cybercriminals are interested in attacking, probing for future attacks, and are actively targeting. FortiGuard Labs has an extensive archive of known vulnerabilities, and through data enrichment was able to identify actively exploited vulnerabilities in real time and map zones of active risk across the attack surface.
In the second half of 2022, less than
Financially Motivated Cybercrime and Ransomware Threat Holding at Peak Levels
FortiGuard Labs Incident Response (IR) engagements found that financially motivated cybercrime resulted in the highest volume of incidents (
In fact, ransomware volume increased
Adversary Code Reuse Showcases the Resourceful Nature of Adversaries
Cyber adversaries are enterprising in nature and always looking to maximize existing investments and knowledge to make their attack efforts more effective and profitable. Code reuse is an efficient and lucrative way for cybercriminals to build upon successful outcomes while making iterative changes to fine-tune their attacks and overcome defensive obstacles.
When FortiGuard Labs analyzed the most prevalent malware for the second half of 2022, the majority of the top spots were held by malware that was more than one year old. FortiGuard Labs further examined a collection of different Emotet variants to analyze their tendency to borrow and reuse code. The research showed that Emotet has gone through significant speciation with variants breaking into roughly six different “species” of malware. Cyber adversaries are not just automating threats but actively retrofitting code to make it even more effective.
Older Botnet Resurrection Demonstrates the Resiliency of Adversarial Supply Chains
In addition to code reuse, adversaries are also leveraging existing infrastructure and older threats to maximize opportunity. When examining botnet threats by prevalence, FortiGuard Labs discover that many of the top botnets are not new. For example, the Morto botnet, which was first observed in 2011, surged in late 2022. And others like Mirai and Gh0st.Rat continue to be prevalent across all regions. Surprisingly, out of the top five observed botnets, only RotaJakiro is from this decade.
Although it may be tempting to write off older threats as past history, organizations across any sector must continue to stay vigilant. These “vintage” botnets are still pervasive for a reason: They are still very effective. Resourceful cybercriminals will continue to leverage existing botnet infrastructure and evolve it into increasingly persistent versions with highly specialized techniques because the ROI is there. Specifically, in the second half of 2022, significant targets of Mirai included managed security service providers (MSSPs), the telco/carrier sector, and the manufacturing sector, which is known for its pervasive operational technology (OT). Cybercriminals are making a concerted effort to target those industries with proven methods.
Log4j Remains Widespread and Targeted by Cybercriminals
Even with all the publicity that Log4j received in 2021 and the early parts of 2022, a significant number of organizations still have not patched or applied the appropriate security controls to protect their organizations against one of the most notable vulnerabilities in history.
In the second half of 2022, Log4j was still heavily active in all regions and was second. In fact and FortiGuard Labs found that
Analyzing a Piece of the Malware Story: Delivery Shifts Demonstrate Urgency for User Awareness
Analyzing adversarial strategies gives us valuable insights into how attack techniques and tactics are evolving to better protect against future attack scenarios. FortiGuard Labs looked at the functionality of detected malware based on sandbox data to track the most common delivery approaches. It is important to note that this only looks at detonated samples.
In reviewing the top eight tactics and techniques viewed in sandboxing, drive-by-compromise was the most popular tactic used by cybercriminals to gain access into organizations' systems across all regions globally. Adversaries are primarily gaining access to victims’ systems when the unsuspecting user browses the internet and unintentionally downloads a malicious payload by visiting a compromised website, opening a malicious email attachment, or even clicking a link or deceptive pop-up window. The challenge with the drive-by tactic is that once a malicious payload is accessed and downloaded, it is often too late for the user to escape compromise unless they have a holistic approach to security.
Shifting to Meet the Threat Landscape Head-On
Fortinet is a leader in enterprise-class cybersecurity and networking innovation, helping CISOs and security teams break the attack kill chain, minimize the impact of cybersecurity incidents, and better prepare for potential cyberthreats.
Fortinet's suite of security solutions includes a variety of powerful tools like next-generation firewalls (NGFW), network telemetry and analytics, endpoint detection and response (EDR), extended detection and response (XDR), digital risk protection (DRP), security information and event management (SIEM), inline sandboxing, deception, security orchestration, automation, and response (SOAR), and more. These solutions provide advanced threat detection and prevention capabilities that can help organizations quickly detect and respond to security incidents across their entire attack surface.
To complement these solutions and support short-staffed teams strained by the cybersecurity talent shortage, Fortinet also offers machine learning–enabled threat intelligence and response services. These provide up-to-date information on the latest cyberthreats and enable businesses to quickly respond to security incidents, minimizing the impact on their organization. Fortinet’s human-based SOC augmentation and threat intelligence services also help security teams better prepare for cyberthreats and provide real-time threat monitoring and incident response capabilities.
This comprehensive suite of cybersecurity solutions and services enables CISOs and security teams to focus on enabling the business and higher-priority projects.
Report Overview
This latest Global Threat Landscape Report is a view representing the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors collecting billions of threat events observed around the world during the second half of 2022. Using the MITRE ATT&CK framework, which classifies adversary tactics, techniques, and procedures(TTPs), the FortiGuard Labs Global Threat Landscape Report sets out to describe how threat actors target vulnerabilities, build malicious infrastructure, and exploit their targets. The report also covers global and regional perspectives as well as threat trends affecting both IT and OT environments.
Additional Resources
- Subscribe to our blog for valuable takeaways from this research as the FortiGuard Labs team examines topics from the report in upcoming weeks.
- Learn more about FortiGuard Labs threat intelligence and research and Outbreak Alerts, which provide timely steps to mitigate breaking cybersecurity attacks.
- Learn more about Fortinet’s FortiGuard Security Services portfolio.
- Learn more about Fortinet’s free cybersecurity training, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs.
- Read about how Fortinet customers are securing their organizations.
- Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.
About FortiGuard Labs
FortiGuard Labs is the threat intelligence and research organization at Fortinet. Its mission is to provide Fortinet customers with the industry’s best threat intelligence designed to protect them from malicious activity and sophisticated cyberattacks. It is composed of some of the industry’s most knowledgeable threat hunters, researchers, analysts, engineers, and data scientists in the industry, working in dedicated threat research labs all around the world. FortiGuard Labs continuously monitors the worldwide attack surface using millions of network sensors and hundreds of intelligence-sharing partners. It analyzes and processes this information using AI and other innovative technology to mine that data for new threats. These efforts result in timely, actionable threat intelligence in the form of Fortinet security product updates, proactive threat research to help our customers better understand the threats and actors they face, and threat intelligence to help our customers better understand and defend their threat landscape. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.
About Fortinet
Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.
FTNT-O
Copyright © 2023 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiConnect, FortiController, FortiConverter, FortiCWP, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiEdge, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFone, FortiGSLB, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMoM, FortiMonitor, FortiNAC, FortiNDR, FortiPenTest, FortiPhish, FortiPlanner, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM and FortiXDR. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.
Media Contact: | Investor Contact: | Analyst Contact: |
Travis Anderson | Peter Salkowski | Brian Greenberg |
Fortinet, Inc. | Fortinet, Inc. | Fortinet, Inc. |
408-235-7700 | 408-331-4595 | 408-235-7700 |
pr@fortinet.com | psalkowski@fortinet.com | analystrelations@fortinet.com |
FAQ
What does Fortinet's Global Threat Landscape Report highlight about cyber threats?
How has ransomware activity changed according to Fortinet's report?
What vulnerabilities are organizations still facing according to Fortinet?
What role does machine learning play in cybersecurity according to Fortinet?