Intelligent CISO Issue 76 | Page 21

nearly every organisation (98%) detected N-Day vulnerabilities that have existed for at least five years. FortiGuard Labs also continues to observe threat actors exploiting vulnerabilities that are more than 15 years old, reinforcing the need to remain vigilant about security hygiene and a continued prompt for organisations to act quickly through a consistent patching and updating program, employing best practices and guidance from organisations such as the Network Resilience Coalition to improve the overall security of networks.
• Less than 9% of all known endpoint vulnerabilities were targeted by attacks: In 2022, FortiGuard Labs introduced the concept of the ‘red zone’, which helps readers better understand how likely it is that threat actors will exploit specific vulnerabilities. To illustrate this point, the last three Global Threat Landscape Reports have looked at the total number of vulnerabilities targeting endpoints. In 2H 2023, research found that 0.7% of all CVEs observed on endpoints are actually under attack, revealing a much smaller active attack surface for security teams to focus on and prioritise remediation efforts.
• 44% of all ransomware and wiper samples targeted the industrial sectors: Across all of Fortinet’s sensors, ransomware detections dropped by 70% compared to the first half of 2023. The observed slowdown in ransomware over the last year can best be attributed to attackers shifting away from the traditional ‘spray and pray’ strategy to more of a targeted approach, aimed largely at the energy, healthcare, manufacturing, transportation and logistics and automotive industries.
• Botnets showed incredible resiliency, taking on average 85 days for command and control (C2) communications to cease after first detection: While bot traffic remained steady relative to the first half of 2023, FortiGuard Labs continued to see the more prominent botnets of the last few years, such as Gh0st, Mirai and ZeroAccess, but three new botnets emerged in the second half of 2023, including: AndroxGh0st, Prometei and DarkGate.
• 38 of the 143 advanced persistent threat (APT) groups listed by MITRE were observed to be active during 2H 2023: Intelligence from FortiRecon, Fortinet’s digital risk protection service, indicates that 38 of the 143 groups that MITRE tracks were active in 2H 2023. Of those, Lazarus Group, Kimsuky, APT28, APT29, Andariel and OilRig were the most active groups. Given the targeted nature and relatively short-lived campaigns of APT and nation-state cyber groups compared to the long life and drawn-out campaigns of cybercriminals, the evolution and volume of activity in this area is something FortiGuard Labs will be tracking on an ongoing basis.
Dark web discourse
The 2H 2023 Global Threat Landscape Report also includes findings from FortiRecon, which give a glimpse into the discourse between threat actors on Dark Web forums, marketplaces, Telegram channels and other sources. Some of the findings include:
• Threat actors discussed targeting organisations within the finance industry most often, followed by the business services and education sectors.
• More than 3,000 data breaches were shared on prominent Dark Web forums.
• 221 vulnerabilities were actively discussed on the darknet, while 237 vulnerabilities were discussed on Telegram channels.
• Over 850,000 payment cards were advertised for sale.
Turning the tide against cybercrime
With the attack surface constantly expanding and an industry-wide cybersecurity skills shortage, it’s more challenging than ever for businesses to properly manage complex infrastructure composed of disparate solutions, let alone keep pace with the volume of alerts from point products and the diverse tactics, techniques and procedures threat actors leverage to compromise their victims.
Turning the tide against cybercrime requires a culture of collaboration, transparency and accountability on a larger scale than from just individual organisations in the cybersecurity space. Every organisation has a place in the chain of disruption against cyberthreats. Collaboration with high-profile, well-respected organisations from both the public and private sectors, including CERTs, government entities and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber-resilience globally.
It is constant technology innovation and collaboration across industries and working groups, such as Cyberthreat Alliance, Network Resilience Coalition, Interpol, the World Economic Forum (WEF) Partnership Against Cybercrime and WEF Cybercrime Atlas, that will collectively improve protections and aid in the fight against cybercrime globally.