Fortinet: Ransomware variants nearly double in six months

Source: Fortinet. Multiple graphs showing research findings for Singapore.
Source: Fortinet. Singapore 1H22 findings from the FortiGuard Labs Global Threat Landscape Report.

Fortinet, a global player in broad, integrated, and automated cybersecurity solutions, has announced that the ransomware threat continues to adapt, with more variants enabled by ransomware-as-a-service (RaaS).

According to the company's semiannual FortiGuard Labs Global Threat Landscape Report* for 1H22:

- Work-from-anywhere (WFA) endpoints remain targets for cyber adversaries to gain access to corporate networks. 

- Operational technology (OT) and information technology (IT) environments are both attractive targets as cyber adversaries search for opportunities in the growing attack surface and IT/OT convergence. 

- Destructive threat trends continue to evolve, as evidenced by the spread of wiper malware as part of adversary toolkits. 

- Cyber adversaries are embracing more reconnaissance and defense evasion techniques to increase precision and destructive weaponisation across the cyberattack chain.

Ransomware remains a top threat, and cyber adversaries continue to invest significant resources into new attack techniques. In the past six months, FortiGuard Labs has seen a total of 10,666 ransomware variants, compared to just 5,400 in the previous six-month period. - nearly 100% growth in ransomware variants in half a year. 

RaaS, with its popularity on the dark web, continues to fuel an industry of criminals forcing organisations to consider ransomware settlements, Fortinet said, recommending that all organisations adopt a proactive approach. Real-time visibility, protection, and remediation coupled with Zero-Trust network access (ZTNA) and advanced endpoint detection and response (EDR) are critical, the company said.

The digital convergence of IT and OT and the endpoints enabling WFA remain key vectors of attack as adversaries continue to target the growing attack surface. Many exploits of vulnerabilities at the endpoint involve unauthorised users gaining access to a system, then using lateral movement to get deeper into corporate networks. For example, a spoofing vulnerability (CVE 2022-26925) placed high in volume, as well as a remote code execution (RCE) vulnerability (CVE 2022-26937).

OT devices and platforms experienced in-the-wild exploits, demonstrating the cybersecurity reality of increased IT and OT convergence. Advanced endpoint technology can help mitigate and effectively remediate infected devices at an early stage of an attack, Fortinet suggested. In addition, services such as a digital risk protection service (DRPS) can be used to perform external surface threat assessments, find and remediate security issues, and help gain contextual insights on current and imminent threats.

Trends in wiper malware - malicious software that destroys data by wiping storage clean - reveal more destructive and sophisticated attack techniques. FortiGuard Labs identified at least seven major new wiper variants in the first six months of 2022 that were used in various campaigns against government, military, and private organisations. This number is significant because it is close to the number of wiper variants that have been publicly detected since 2012, the company noted. 

Additionally, the wipers were not confined to one geographical location, but were detected in 25 countries. To minimise the impact of wiper attacks, Fortinet recommends using network detection and response (NDR) with self-learning artificial intelligence (AI) to better detect intrusions. The company also advised that backups should be stored off-site and offline.

FortiGuard Labs analysed the functionality of detected malware to track the most prevalent approaches over the last six months. Defense evasion - avoiding or otherwise rendering defenses useless - was the most employed tactic focused on the endpoint. Malware developers often use system binary proxy execution** for this, Fortinet said, masking their malicious intentions and attempting to hide commands using a legitimate certificate to execute a trusted process while carrying out malicious intent. 

The second-most popular technique was process injection, where criminals work to inject code into the address space of another process to evade defenses and improve stealth. Integrated, AI and machine learning (ML)-driven cybersecurity platforms with advanced detection and response capabilities powered by actionable threat intelligence are important to protect across all edges of hybrid networks, Fortinet stated.

While threat insights help prioritise patching strategies to better secure environments, cybersecurity awareness and training are also important, Fortinet added. Ideally, security operations should function at machine speed to keep up with the volume, sophistication, and speed of today’s cyberthreats. Additionally, AI and ML-powered prevention, detection, and response strategies based on a cybersecurity mesh architecture will allow for much tighter integration, increased automation, as well as a more rapid, coordinated, and effective response to threats across the extended network.

Details

Read the blog for takeaways from the research.

Learn about Fortinet’s free cybersecurity training.

*This Global Threat Landscape Report is a view representing the collective intelligence of FortiGuard Labs, drawn from Fortinet’s sensors collecting billions of threat events observed around the world during the first half of 2022. Similar to how the MITRE ATT&CK framework classifies adversary tactics and techniques, with the first three groupings spanning reconnaissance, resource development, and initial access, the FortiGuard Labs Global Threat Landscape Report leverages this model to describe how threat actors target vulnerabilities, build malicious infrastructure, and exploit their targets. The report also covers global and regional perspectives as well as threat trends affecting IT and OT. 

**Binary files are small files that are not text files. They are typically trusted by computers, making them a good vehicle for a cyberattack.

Comments

Post a Comment

Popular posts from this blog

Fortinet enhances FortiRecon to align with CTEM framework

Fortinet, the global cybersecurity provider driving the convergence of networking and security, has turned the FortiRecon platform into a comprehensive solution aligned with the continuous threat exposure management (CTEM) framework. The latest release introduces expanded internal attack surface monitoring, adversary-centric dark web intelligence, and security orchestration, all in a unified platform. These enhancements help organisations proactively identify and prioritise real-world exposures, validate risks like an attacker would, and accelerate response. “CISOs and security teams are overwhelmed by growing attack surfaces and an endless stream of unprioritised alerts,” said Nirav Shah, Senior VP of Products and Solutions at Fortinet. “With the latest enhancements to FortiRecon , we’re giving organisations an attacker’s eye view of their internal and external exposures, backed by AI-powered threat intelligence from FortiGuard Labs, real-world validation, and automated response...
Read more

SentinelOne recognised as a 2025 Gartner Peer Insights Customers’ Choice for XDR

SentinelOne, a global provider of AI-powered security, has been named a Customers’ Choice in the 2025 Gartner Peer Insights ‘Voice of the Customer’ for Extended Detection and Response (XDR) report* – one of only two companies with this distinction. A hundred and forty-four users reviewed SentinelOne's Singularity Platform, and 97% said they would recommend the solution to respond to threats across endpoints with AI-powered security, while 97% rated the solution four stars or better.** “With the growing complexity of cyberthreats, organisations need more than siloed security—they need AI-powered, autonomous protection that delivers real-time detection and response across their entire attack surface. Customers have made it clear that SentinelOne’s XDR provides the intelligence, automation, and efficiency they need to stay ahead of threats and secure their environments with confidence,” said Ely Kahn, VP, Product Management, SentinelOne. Gartner defines extended detection and ...
Read more

AWS: AI adoption grows 20% in Singapore

Image
Amazon Web Services (AWS), an Amazon.com company, has found* that AI adoption continues to accelerate in Singapore. In the past year alone, 27,000 1 Singapore businesses adopted AI for the first time—equivalent to over three new adopters every hour. In sum, nearly 170,000 (48%) of businesses in Singapore have adopted AI 2 , up from approximately 143,000 (40%) a year ago. This represents a 20% year-over-year growth rate, AWS said. AI adoption is the strongest in the financial services industry (71%), followed by the technology sector ( software developers, data analytics firms, cloud service providers, and digital startups) at 70%, and healthcare at 63%. Among Singapore’s businesses that have adopted AI, 82% reported an increase in revenue, at an average increase of 19%, while 90% report significant productivity improvements. A large majority (85%) of those who have adopted AI say the technology is likely to increase their growth in the next year, and 89% expect an average of 17%...
Read more