Thursday, 11 July 2024

Cybercriminals accelerating vulnerability exploitation in 2H23: Fortinet

Fortinet, the global cybersecurity provider driving the convergence of networking and security, has found that attackers were quicker to capitalise on newly-publicised vulnerabilities in 2H23 compared to 1H23.

The research finding is in the FortiGuard Labs 2H 2023 Global Threat Landscape Report, which acts as a snapshot of the active threat landscape and highlights trends from July to December of 2023.

Highlights from 2H23 include:

Attacks started on average 4.76 days after new exploits were publicly disclosed

Like the 1H 2023 Global Threat Landscape Report, FortiGuard Labs sought to determine how long it takes for a vulnerability to move from initial release to exploitation, whether vulnerabilities with a high Exploit Prediction Scoring System (EPSS) score get exploited faster, and whether it could predict the average time-to-exploitation using EPSS data. Based on this analysis, 2H23 saw attackers move on new vulnerabilities 43% faster than in 1H23.

This shines a light on the need for vendors to dedicate themselves to internally discovering vulnerabilities and developing a patch before exploitation can occur, Fortinet said. The company also called for vendors to proactively and transparently disclose vulnerabilities to customers to ensure they have the information needed to effectively protect their assets before cyber adversaries can exploit n-day vulnerabilities*.

Some n-day vulnerabilities remain unpatched for 15+ years

Fortinet telemetry found that 41% of organisations detected exploits from signatures less than one month old and nearly every organisation (98%) detected n-day vulnerabilities that have existed for at least five years. FortiGuard Labs also continues to observe threat actors exploiting vulnerabilities that are more than 15 years old, reinforcing the need to remain vigilant about security hygiene.

Fortinet also advised organisations to act quickly through a consistent patching and updating programme, and employ best practices and guidance from organisations such as the Network Resilience Coalition to improve the overall security of networks.

Under 9% of all known endpoint vulnerabilities were targeted by attacks

In 2022, FortiGuard Labs introduced the concept of the “red zone”, which helps users better understand how likely it is that threat actors will exploit specific vulnerabilities. To illustrate this point, the last three Global Threat Landscape Reports have looked at the total number of vulnerabilities targeting endpoints.

In 2H23, research found that 0.7% of all common vulnerabilities and exposures (CVEs) observed on endpoints are actually under attack, revealing a much smaller active attack surface for security teams to focus on and prioritise remediation efforts.

Forty-four percent of all ransomware and wiper samples targeted the industrial sectors

Across all of Fortinet’s sensors, ransomware detections dropped by 70% compared to 1H23. The observed slowdown in ransomware over the last year can best be attributed to attackers shifting away from the traditional “spray and pray” strategy to a more targeted approach, aimed largely at the energy, healthcare, manufacturing, transportation and logistics, and automotive industries.

Botnets took on average 85 days for command and control (C2) communications to cease after first detection

While bot traffic remained steady relative to 1H23, FortiGuard Labs continued to see the more prominent botnets of the last few years, such as Gh0st, Mirai, and ZeroAccess, but three new botnets emerged in 2H23: AndroxGh0st, Prometei, and DarkGate.

Thirty-eight of 143 advanced persistent threat (APT) groups were active in 2H23

FortiRecon, Fortinet’s digital risk protection service, found that 38 of the 143 groups that MITRE tracks were active in 2H23. Of those, Lazarus Group, Kimsuky, APT28, APT29, Andariel, and OilRig were the most active. Given the targeted nature and relatively short-lived campaigns of APT and nation-state cyber groups compared to the long life and drawn-out campaigns of cybercriminals, the evolution and volume of activity in this area is something FortiGuard Labs will be tracking on an ongoing basis.

The 2H 2023 Global Threat Landscape Report also includes findings from FortiRecon, which give a glimpse into the discourse between threat actors on dark web forums, marketplaces, Telegram channels, and other sources. Some of the findings include:

- Threat actors discussed targeting organisations within the finance industry most often, followed by the business services and education sectors.

- More than 3,000 data breaches were shared on prominent dark web forums.

- Two hundred and twenty-one vulnerabilities were actively discussed on the darknet, while 237 vulnerabilities were discussed on Telegram channels.

- Over 850,000 payment cards were advertised for sale.

According to Fortinet, the attack surface is constantly expanding and there is an industry-wide cybersecurity skills shortage, making it more challenging than ever for businesses to properly manage complex infrastructure composed of disparate solutions, keep pace with the volume of alerts from point products, and keep up with the tactics, techniques, and procedures threat actors leverage.

The company proposes a global culture of collaboration, transparency, and accountability that extends beyond individual organisations in the cybersecurity space and involves high-profile, well-respected organisations from both the public and private sectors. This would include cybersecurity emergency response teams (CERTs), government entities, and academia, Fortinet said, naming the Cyber Threat Alliance, Network Resilience Coalition, Interpol, the World Economic Forum (WEF) Partnership Against Cybercrime, and the WEF Cybercrime Atlas as entities that can collectively improve protections and aid in the fight against cybercrime globally.

Source: Fortinet. Cover for the Fortinet Global Threat Landscape Report displayed on a screen.

Rashish Pandey, VP of Marketing and Communications, Asia & ANZ, Fortinet said: "The 2H 2023 Global Threat Landscape Report from FortiGuard Labs underscores the speed at which threat actors are exploiting newly-disclosed vulnerabilities. In this environment, both vendors and customers play crucial roles, particularly in Southeast Asia. Vendors must ensure robust security throughout the product lifecycle and maintain transparency in vulnerability disclosures.

"As cybersecurity threats become more sophisticated, adopting a platform-centric approach is vital. This approach consolidates security tools, enhances operational efficiency, and enables rapid adaptation to emerging threats, helping organisations to build resilient and futureproof cybersecurity defences."

Jess Ng, Country Head, Singapore & Brunei, Fortinet added: "The evolving threat landscape in Singapore necessitates a shift to a platform-centric approach in cybersecurity. Traditional, disparate solutions can no longer manage the diverse technologies, hybrid work models, and IT/OT integration that characterise modern networks.

"Fortinet's unified security and network platform addresses these complexities by providing comprehensive threat protection, automated vulnerability management, and streamlined operations. This integrated strategy not only reduces costs and operational complexity, but also ensures that organisations can quickly adapt to new threats, thereby building robust and futureproof cybersecurity operations."

*An n-day vulnerability is one where "n" refers to the number of days the vendor has had to produce a patch that eliminates the vulnerability.