Fortinet Research Reveals Cybercriminals Exploiting Industry Vulnerabilities 43% Faster in 2H 2023

#FortiGuard Labs’ latest Global Threat Landscape Report for 2H 2023 underscores the importance of vendors adhering to vulnerability disclosure best practices and organizations enhancing their cyber hygiene and patch management.

Fortinet® (NASDAQ: FTNT), unveiled the FortiGuard Labs 2H 2023 Global Threat Landscape Report. This semi-annual report provides a snapshot of the current threat landscape, highlighting trends from July to December 2023. It includes an analysis of the speed at which cyber attackers are exploiting newly identified vulnerabilities across the cybersecurity industry and the rise of targeted ransomware and wiper activity against the industrial and OT sector.

Key findings from 2H 2023 include:

• Rapid Exploitation of New Vulnerabilities: Attacks began on average 4.76 days after new exploits were publicly disclosed, 43% faster than 1H 2023. This highlights the need for vendors to discover vulnerabilities internally and develop a patch before exploitation can occur. It also emphasizes the need for vendors to proactively and transparently disclose vulnerabilities to customers to ensure they can protect their assets effectively before cyber adversaries can exploit N-day vulnerabilities.

• Long-standing N-Day Vulnerabilities: Fortinet telemetry found that 41% of organizations detected exploits from signatures less than one month old and nearly every organization (98%) detected N-Day vulnerabilities that have existed for at least five years. Some vulnerabilities have been exploited for more than 15 years, reinforcing the need for consistent patching and updating programs.

• Limited Endpoint Vulnerabilities Targeted: In 2H 2023, research found that only 0.7% of all CVEs observed on endpoints are actually under attack, revealing a much smaller active attack surface for security teams to focus on and prioritize remediation efforts.

• Targeted Ransomware and Wiper Attacks: Ransomware detections dropped by 70% compared to the first half of 2023 due to attackers shifting from a traditional “spray and pray” strategy to a more targeted approach, aimed largely at the energy, healthcare, manufacturing, transportation and logistics, and automotive industries.

• Resilient Botnets: Botnets showed incredible resiliency, taking on average 85 days for command and control (C2) communications to cease after first detection. Three new botnets emerged in the second half of 2023, including: AndroxGh0st, Prometei, and DarkGate.

• Active Advanced Persistent Threat (APT) Groups: FortiRecon intelligence indicates that 38 of the 143 Groups that MITRE tracks were active in 2H 2023. Lazarus Group, Kimusky, APT28, APT29, Andariel, and OilRig were the most active groups.

Dark Web Discourse

The 2H 2023 Global Threat Landscape Report also includes findings from FortiRecon, which provide insights into the discourse between threat actors on dark web forums, marketplaces, Telegram channels, and other sources. Some of the findings include:

• Threat actors discussed targeting organizations within the finance industry most often, followed by the business services and education sectors.
• More than 3,000 data breaches were shared on prominent dark web forums.
• 221 vulnerabilities were actively discussed on the darknet, while 237 vulnerabilities were discussed on Telegram channels.
• Over 850,000 payment cards were advertised for sale.

FAQs

1. What is the main focus of the FortiGuard Labs 2H 2023 Global Threat Landscape Report? The report focuses on the current threat landscape, highlighting trends from July to December 2023. It includes an analysis of the speed at which cyber attackers are exploiting newly identified vulnerabilities across the cybersecurity industry and the rise of targeted ransomware and wiper activity against the industrial and OT sector.

2. What are the key findings of the report? The key findings include the rapid exploitation of new vulnerabilities, the existence of long-standing N-Day vulnerabilities, the limited number of endpoint vulnerabilities targeted, the shift in ransomware attacks, the resilience of botnets, and the activity of Advanced Persistent Threat (APT) groups.

3. What insights does the report provide about the dark web? The report provides insights into the discourse between threat actors on dark web forums, marketplaces, Telegram channels, and other sources. It reveals that threat actors often discuss targeting organizations within the finance industry, and that more than 3,000 data breaches were shared on prominent dark web forums.

4. What is Fortinet’s approach to combating cybercrime? Fortinet believes that turning the tide against cybercrime requires a culture of collaboration, transparency, and accountability on a larger scale than just individual organizations in the cybersecurity space. It’s through constant technology innovation and collaboration across industries and working groups that protections can be improved and the fight against cybercrime can be aided globally.