According to Fortinet, cybercriminals have set their sights on the increasing number of new vulnerabilities introduced by the expansion of online services and applications, as well as the rapid rise in the number and variety of connected devices.
It is inevitable that attacks targeting those vulnerabilities will increase.
The most recent semiannual report provides a snapshot of the active threat landscape and highlights trends from July to December 2023, including an analysis of the rate at which cybercriminals are capitalising on newly discovered exploits from across the cybersecurity industry, as well as the rise of targeted ransomware and wiper activity against the industrial and OT sectors.
Attacks began an average of 4.76 days after new exploits were publicly revealed: as in the 1H 2023 Global Threat Landscape Report, FortiGuard Labs wanted to understand how long it takes for a vulnerability to go from initial release to exploitation, whether flaws with a high Exploit Prediction Scoring System (EPSS) score are exploited faster, and whether EPSS data could be used to predict the average time-to-exploitation.
Based on this analysis, attackers increased the rate at which they exploited newly revealed vulnerabilities in the second half of 2023.
This highlights the importance of vendors committing to internally discovering vulnerabilities and implementing patches before exploitation starts.
It also emphasises the importance of vendors disclosing vulnerabilities to customers proactively and transparently in order to provide them with the information they need to successfully secure their assets before cyber attackers exploit N-day flaws.
CISOs and security teams need to be concerned about more than just newly found vulnerabilities.
According to Fortinet telemetry, 41% of organisations discovered exploits from signatures that were less than a month old, while 98% detected N-Day vulnerabilities that had existed for at least five years.
FortiGuard Labs has also observed threat actors exploiting vulnerabilities that are more than 15 years old. This emphasises the importance of upholding security hygiene and should prompt organisations to act quickly through a consistent patching and updating programme, employing best practices and guidance from organisations such as the Network Resilience Coalition to improve network security overall.
44% of all ransomware and wiper samples targeted the industrial sector.
Ransomware detections decreased by 70% across all Fortinet sensors when compared to the first half of 2023.
Botnets showed remarkable durability, with command and control connections ceasing on average 85 days after initial detection.
While bot traffic remained consistent with the first half of 2023, FortiGuard Labs continued to see the more prominent botnets of recent years, such as Gh0st, Mirai, and ZeroAccess, but three new botnets surfaced in the second half of 2023: AndroxGh0st, Prometei, and DarkGate.
38 of the 143 advanced persistent threat groups listed by MITRE were observed to be active during the second half of 2023.
FortiRecon, Fortinet's digital risk prevention solution, reports that 38 of the 143 Groups tracked by MITRE were active in the second half of 2023.
The most active groups included the Lazarus Group, Kimsuky, APT28, APT29, Andariel, and OilRig.
This Cyber News was published on www.cysecurity.news. Publication date: Mon, 13 May 2024 15:13:08 +0000