Ransomware variants double in six months according to latest FortiGuard Labs report
August 26, 2022 by Manufacturing AUTOMATION
Fortinet recently shared its latest semiannual FortiGuard Labs Global Threat Landscape Report. According to the findings, there has been a nearly 100 percent increase in ransomware variants in half a year.
Highlights from the report include:
- The ransomware threat continues to adapt with more variants enabled by Ransomware-as-a-Service (RaaS).
- Work-from-anywhere (WFA) endpoints remain targets for cyber adversaries to gain access to corporate networks. Operational technology (OT) and information technology (IT) environments are both attractive targets as cyber adversaries search for opportunities in the growing attack surface and IT/OT convergence.
- Destructive threat trends continue to evolve, as evidenced by the spread of wiper malware as part of adversary toolkits.
- Cyber adversaries are embracing more reconnaissance and defence evasion techniques to increase precision and destructive weaponization across the cyber-attack chain.
Ransomware variant growth indicates evolving crime ecosystems
Ransomware is still a top threat and cyber adversaries continue to invest significant resources into new attack techniques. In the past six months, FortiGuard Labs has seen a total of 10,666 ransomware variants, compared to just 5,400 in the previous six-month period. This is a nearly 100 percent growth in ransomware variants in half a year. RaaS continues to fuel an industry of criminals forcing organizations to consider ransomware settlements. Fortinet suggests taking a proactive approach to safeguard against ransomware threats.
OT and the endpoint remain irresistible targets
The digital convergence of IT and OT and the endpoints enabling WFA remain key vectors of attack as adversaries continue to target the growing attack surface. Many exploits of endpoint vulnerabilities involve unauthorized users gaining access to a system with the goal of moving laterally to get deeper into corporate networks. Also, analyzing endpoint vulnerabilities by volume and detections reveals the relentless path of cyber adversaries attempting to gain access by making the most of both old and new vulnerabilities.
In addition, a look specifically at OT vulnerability trends shows that the sector was not spared. A wide range of devices and platforms experienced in-the-wild exploits, demonstrating the cybersecurity reality of increased IT and OT convergence and the disruptive goals of adversaries. Advanced endpoint technology can help mitigate and effectively remediate infected devices at an early stage of an attack, suggests Fortinet.
Wiper malware more destructive and sophisticated
Wiper malware trends reveal a continuing evolution toward more destructive and sophisticated attack techniques, using malicious software that destroys data by wiping it clean. FortiGuard Labs identified at least seven major new wiper variants in the first six months of 2022 that were used in various campaigns. This number is significant because it is close to the number of wiper variants that have been publicly detected since 2012. Additionally, the wipers did not stay in one geographical location.
Defence evasion is the top attack tactic
FortiGuard Labs tracked the most prevalent attack approaches over the last six months. Among the top eight tactics and techniques focused on the endpoint, defence evasion was the tactic malware developers employed the most, often by means of system binary proxy execution. Hiding malicious intentions is one of the most important things for adversaries. They therefore attempt to evade defences by masking those intentions and hiding commands, using a legitimate certificate to execute a trusted process that carries out the malicious intent. The second most popular technique was process injection, where criminals work to inject code into the address space of another process to evade defences and improve stealth.
AI-powered security across the extended attack surface
Fortinet explains that a deeper understanding of cyber attack goals and tactics can help companies set up defences that adapt and react proactively to quickly changing attack techniques. Threat insights are critical to help prioritize patching strategies to better secure environments. Cybersecurity awareness and training are also important to keep employees and security teams up to date as the threat landscape changes. Organizations need security operations that can function at machine speed to keep up with the volume, sophistication, and speed of today’s cyber threats. AI and ML-powered prevention, detection and response strategies based on a cybersecurity mesh architecture allow for much tighter integration, increased automation, as well as a more rapid, coordinated, and effective response to threats across the extended network.