Cybercriminals Are Becoming More Proficient at Exploiting Vulnerabilities

The most recent Fortinet semiannual report provides a snapshot of the active threat landscape and highlights trends from July to December 2023.

According to Fortinet, cybercriminals have their sights on the increasing number of new vulnerabilities created by the expansion of online services and applications, as well as the rapid rise in the number and variety of connected devices. It is inevitable that attacks targeting those vulnerabilities will increase.

The most recent semiannual report provides a snapshot of the active threat landscape and highlights trends from July to December 2023, including an analysis of the rate at which cyber criminals are capitalising on newly discovered exploits from across the cybersecurity industry, as well as the rise of targeted ransomware and wiper activity against the industrial and OT sectors.

Attacks began an average of 4.76 days after new exploits were publicly revealed. As in the 1H 2023 Global Threat Landscape Report, FortiGuard Labs wanted to understand how long it takes for a vulnerability to go from initial release to exploitation, whether flaws with a high Exploit Prediction Scoring System (EPSS) score are exploited faster, and whether EPSS data could be used to predict the average time-to-exploitation.

Vendors’ obligation to disclose flaws 

Based on this analysis, attackers increased the rate at which they exploited newly revealed vulnerabilities in the second half of 2023 (43% faster than in the first half of 2023). This highlights the importance of vendors committing to internally discovering vulnerabilities and implementing patches before exploitation starts. It also emphasises the importance of vendors disclosing vulnerabilities to customers proactively and transparently in order to provide them with the information they need to successfully secure their assets before cyber attackers exploit N-day flaws. 

CISOs and security teams need to be concerned about more than simply newly found vulnerabilities. According to Fortinet telemetry, 41% of organisations discovered exploits from signatures that were less than a month old, while 98% detected N-Day vulnerabilities that had existed for at least five years.

FortiGuard Labs has also observed threat actors exploiting vulnerabilities that are more than 15 years old, emphasising the importance of upholding security hygiene and prompting organisations to act quickly through a consistent patching and updating programme, employing best practices and guidance from organisations such as the Network Resilience Coalition to improve network security overall. 

Ransomware targeting critical sectors 

44% of all ransomware and wiper samples targeted the industrial sector. Ransomware detections decreased by 70% across all Fortinet sensors when compared to the first half of 2023. The observed drop in ransomware over the last year can be attributed to attackers moving away from the old "spray and pray" technique and towards a more focused approach, primarily targeting the energy, healthcare, manufacturing, transportation and logistics, and automotive industries.

Botnets showed amazing durability, with command and control (C2) connections ceasing on average 85 days after initial detection. Bot traffic remained consistent with the first half of 2023, and FortiGuard Labs continued to see the more prominent botnets of recent years, such as Gh0st, Mirai, and ZeroAccess, but three new botnets surfaced in the second half of 2023: AndroxGh0st, Prometei, and DarkGate.

FortiRecon, Fortinet's digital risk prevention solution, reports that 38 of the 143 advanced persistent threat (APT) groups tracked by MITRE were active during the second half of 2023. The most active groups included the Lazarus Group, Kimsuky, APT28, APT29, Andariel, and OilRig.

“The 2H 2023 Global Threat Landscape Report from FortiGuard Labs continues to shine a light on how quickly threat actors are taking advantage of newly disclosed vulnerabilities. In this climate, both vendors and customers have a role to play. Vendors must introduce robust security scrutiny at all stages of the product development life cycle and dedicate themselves to responsible radical transparency in their vulnerability disclosures. With over 26,447 vulnerabilities across more than 2,000 vendors in 2023 as cited by NIST, it is also critical that customers maintain a strict patching regimen to reduce the risk of exploitation,” stated Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, FortiGuard Labs.