Rising Targeted Attacks Amid Decreased Ransomware Detections: Fortinet's Latest Threat Report

In a digital landscape where cyber threats are constantly evolving, Fortinet's Q2 2023 Threat Report sheds light on the ever-changing dynamics of cybersecurity. Alan Reyes, Country Manager of Fortinet Philippines, recently presented the key findings from this semiannual report during a press briefing at the New World Makati Hotel. The report offers a comprehensive overview of the global threat landscape, providing valuable intelligence for organizations to fortify their cybersecurity defenses.

One of the most notable trends observed in the first half of 2023 is a decrease in ransomware detections. This might seem like good news on the surface, but it's essential to dig deeper into the data to understand the full picture. While fewer organizations detected ransomware during this period, it doesn't necessarily mean that the threat has diminished. Instead, it indicates a shift in tactics among cybercriminals.

The rise of Ransomware-as-a-Service (RaaS) has made ransomware attacks more targeted and lucrative for cybercriminals. They are increasingly focusing on high-value targets, aiming to maximize their return on investment (ROI) per attack. As a result, the volume of ransomware detections has become more volatile, closing the first half of 2023 at a level 13 times higher than the end of 2022.

Another significant insight from the report is the heightened activity among advanced persistent threat (APT) groups. For the first time in the history of the Global Threat Landscape Report, FortiGuard Labs tracked the number of threat actors behind the trends. The data revealed that 30% of the 138 cyberthreat groups tracked by MITRE were active in the first half of 2023. These groups, such as Turla, StrongPity, Winnti, OceanLotus, and WildNeutron, were particularly active based on malware detections.

Additionally, the report highlighted the importance of addressing vulnerabilities promptly. FortiGuard Labs analyzed over 11,000 published vulnerabilities spanning six years and found that vulnerabilities categorized with a high EPSS score (top 1% severity) were 327 times more likely to be exploited within seven days compared to other vulnerabilities. This underscores the urgency of patching and securing systems promptly to reduce the risk of exploitation.

The report also delved into the proliferation of unique exploits and malware variants. In the first half of 2023, FortiGuard Labs detected over 10,000 unique exploits, marking a 68% increase from five years ago. This surge in unique exploit detections reflects the growing diversity and volume of malicious attacks that security teams must contend with.

Moreover, the number of malware families and variants has exploded, with a 135% increase in malware families and a staggering 175% surge in variants. Cybercriminal and APT groups are expanding their operations and diversifying their attacks, targeting organizations in various sectors.

Botnets, too, pose a growing threat. The report revealed that botnets are lingering in networks longer than ever before, with the average time botnets persistently communicated with their command and control servers being 83 days in the first half of 2023. This represents a 1,000-fold increase compared to five years ago, highlighting the need for rapid response to mitigate the damage caused by these persistent threats.

As the cybersecurity landscape continues to evolve, FortiGuard Labs emphasizes the importance of an all-inclusive approach to disrupt cybercrime. Collaboration, intelligence sharing, and the deployment of advanced security measures are key to staying ahead of cyber adversaries. Fortinet, a leader in enterprise-class cybersecurity and networking innovation, plays a pivotal role in enhancing protection against cyber threats through its AI-powered security services and technologies.

The report also provided insights specific to the Philippines, where Excel and Microsoft Intermediate Language (MSIL) malware variants emerged as prominent threats in the second quarter of 2023. These versatile malware types have adapted to various forms of malicious software, making them challenging to combat. Additionally, the Philippines faced challenges from various botnets, including Mirai, Ghost Rat, Bladabindi, Mozi, and RotaJakiro, highlighting the need for individuals and organizations to remain vigilant and proactive in fortifying their cybersecurity defenses.

In conclusion, the Q2 2023 Threat Report from FortiGuard Labs serves as a vital resource for organizations and individuals to understand the evolving threat landscape and take proactive steps to protect their digital assets. The collaboration and commitment of the cybersecurity community are essential to stay one step ahead of cyber adversaries and ensure a secure digital future.