Ransomware variants nearly double in six months
Fortinet announced the latest semiannual FortiGuard Labs Global Threat Landscape Report, and it comes with some interesting insights.
Predictably, ransomware remains a top threat, and continues to adapt with more variants enabled by Ransomware-as-a-Service (RaaS) business model. In the past six months, FortiGuard Labs has seen a total of 10,666 ransomware variants, compared to just 5,400 in the previous six-month period.
To protect against ransomware, organizations need a higher focus on each endpoint (from laptops to servers and other workloads). It is no wonder that Fortinet (traditionally associated with networking security devices) is now including telemetry from its endpoint software in the semi-annual Report. That includes real-time visibility, protection, and remediation from ZTNA and EDR software agents, mostly Windows workstations in case of Fortinet. The section on top Tactics and Techniques (TTPs) relies exclusively on EDR data and reveals the most prevalent techniques used: System Binary Proxy Execution and Process Injection.
The insights from endpoints in terms of behavior analytics and automated correlation have become essential and without them the organization is blind and cannot mount an effective defense against modern threats. Fortinet concludes the report precisely on emphasizing endpoint security (together with patching and staff training) as one of the key initiatives to help organizations stay aware and prepared to respond. In practice this means, mostly, EDR/XDR and ZTNA capabilities.
Another topic in the Report is the rise of wiper malware as part of adversary toolkits. Wiper malware trends reveal a disturbing evolution of more destructive and sophisticated attack techniques continuing with malicious software that destroys data by wiping it clean - FortiGuard Labs identified at least seven major new wiper variants in the first six months of 2022 that were used in various campaigns against government, military, and private organizations. This number is significant because it is close to the total number of wiper variants that have been publicly detected since 2012.
Security vendors are now actively tracking trends in Operational technology (OT) environments and products, as these are increasingly targeted and demonstrate higher risk due to today’s shift from airgapped environments to the interconnected world. So it's interesting to see the Report offers insights into the OT vendors most affected by exploits in H12022, including Samsung, Honeywell, Windriver, etc. Read more in the Fortinet FortiGuard Labs Global Threat Landscape Report.