2H 2022 Worldwide Threat Landscape Report: Key Insights for CISOs

Enterprising cybercriminals are increasingly getting a “work smarter, not harder” strategy, upgrading aged tactics and copying qualities traditionally linked with state-of-the-art persistent menace (APT) assaults. Even though lots of of the assault vectors we observed in the 2nd 50 % of 2022 will glimpse common to CISOs and their groups, the volume of threats continues to skyrocket.

This proliferation of threats presents an ongoing problem for CISOs just about everywhere, especially as businesses go on to embrace electronic transformation and function-from-everywhere (WFA) strategies—two initiatives that widen an organization’s attack surface area. Groups are confronted with securing a fast increasing community and protecting in opposition to a increasing listing of threats, nevertheless typically will have to do so without added resources.

In our 2H 2022 Danger Landscape Report, we examine the cyber-threat landscape around the year’s 2nd 50 percent to establish traits and give insights as to what CISOs and their groups must pay out close awareness to in the new yr and further than. The report conclusions are dependent on the collective intelligence of FortiGuard Labs, drawn from Fortinet’s wide array of sensors accumulating billions of threat events noticed all over the planet throughout this identical time period.

Here is What CISOs Need to Know

Here are the key tendencies CISOs want to know, together with tips for defending their community in the facial area of an evolving array of cyber threats.

Damaging APT-Like Wiper Malware is Now Ubiquitous

In the to start with half of 2022, we witnessed the unfold of harmful, APT-like wiper malware, with at minimum seven new variants emerging across 24 international locations. As the FortiGuard Labs group predicted, this assault technique has only widened its foothold throughout the 2nd 50 percent of 2022. We noticed wiper malware increasing throughout the globe, driving a 53% maximize in wiper activity from Q3 to Q4.

The most interesting—and perhaps concerning—characteristic of this spike in wiper exercise is that, compared with the first surge where nation-point out actors deployed most strains in conjunction with the Russia-Ukraine war, we’re now observing wipers becoming scaled and deployed all over the world devoid of a link to geopolitical functions. These strains are progressively picked up by Crime-as-a-Support (CaaS) groups and broadly dispersed.

CISOs and their teams need to know that each and every organization—regardless of dimensions or industry—is now a viable focus on for wiper malware activity and ought to put together accordingly. Businesses need to implement upcoming-generation firewalls (NGFWs) geared up with inline sandbox engineering and augment people with serious-time risk intelligence companies to detect and block threats like wiper malware.

What is Aged Is New All over again (and Improved Than Just before)

Cyber adversaries always seek out to increase their investments and knowledge in assault efforts. Reusing current infrastructure, botnets, and code can be an less difficult but similarly efficient route to a payday.

In the year’s next fifty percent, we observed cybercriminals reimagining aged attack strains that proved profitable in the previous, reintroducing new (and in a lot of instances, increased) versions. Some acquainted botnet and malware names emerged all through this period—like Mirai and Emotet—many of which are above a calendar year aged.

It’s tempting to produce off older threats as historical past, but this development is yet another reminder that corporations must stay vigilant. When it comes to code reuse and modularization, the quantity and wide range of threats that present day safety teams must cope with make brief detection and response attempts desk stakes. CISOs should really use complete, consolidated security companies to very easily implement automation and promptly counter threats.

Ransomware Continue to Runs Rampant

At the commencing of 2022, we witnessed an explosion of new ransomware variants, pushed primarily by Ransomware-as-a-Provider (RaaS) functions. On the lookout at the next 50 % of the calendar year, it is apparent that ransomware reveals no indications of slowing.

The prime five ransomware codebases observed in samples in the wild accounted for around 37% of all action throughout the back again 50 percent of 2022. GandCrab, a RaaS pressure launched in 2018, topped the listing. Although associates of the GandCrab operation claimed to retire in 2019, we go on to see the reuse of this ransomware codebase circulating. This anecdote illustrates the importance of acquiring world-wide partnerships across the general public and personal sectors to forever dismantle these cybercrime rings, as cybercriminal “retirement” almost never suggests that the group’s ransomware codebase disappears along with it.

In addition to these much larger-scale attempts, there are vital actions CISOs and their teams should consider to guard their networks. Businesses must undertake state-of-the-art endpoint detection and reaction (EDR) technologies to detect and mitigate ransomware threats in genuine-time. Cybersecurity recognition schooling for finish-users—often an organization’s to start with line of protection towards an attack—is more crucial than ever as the range of ransomware variants in circulation continues to increase.

Log4j Lingers

Though Log4j captured headlines during 2021 and into 2022, many companies continue to haven’t used the correct stability controls to protect their enterprises towards this noteworthy vulnerability.

In the second half of 2022, Log4j remained active in all locations, with 41% of companies detecting Log4j action through this time. The extended, popular mother nature of this risk demonstrates just how essential it is to patch program on a regular basis and instantly.

Secure “Red Zone” Lively Attack Surfaces to Greater Handle Organizational Chance

Analyzing exploit traits demonstrate us what cybercriminals are fascinated in attacking, probing for a long run assault, and currently targeting. They also supply a useful picture of wherever businesses really should concentrate their initiatives when it will come to guarding their assault floor and prioritizing patching endeavours.

FortiGuard Labs reviewed Typical Vulnerabilities and Exposures (CVE) data noticed on endpoints and compared that with the CVEs actively below attack during the 2nd half of 2022. The result is superior news for CISOs: Fewer than 1% of all CVEs are existing on endpoints and underneath attack, and quite a few corporations probably have a smaller-than-expected “active” attack surface area or “red zone.”

Stability groups can greater prioritize patching efforts by cross-referencing the exploits similar to the operating techniques an firm makes use of with the CVEs at this time currently being exploited. Solutions these as a electronic threat protection service (DRPS)—which screens the darkish internet for vulnerability mentions that may impact the enterprise—can also support teams extra precisely pinpoint vulnerabilities in their environments.

Embrace Consolidation and Automation to Safeguard Your Company

The progress of CaaS means that stability groups have to safeguard their corporations from an progressively sophisticated selection of threats. The most impactful stage CISOs can just take to mitigate these dangers is to reduce complexity in everyday functions by embracing a extensive and consolidated approach to safety.

By consolidating security remedies and performing with fewer sellers, groups can additional simply put into action automation, ultimately aiding to proactively guard the business and aiding analysts with speedier detection and response. CISOs with more compact groups really should also contemplate making use of offerings like FortiSOAR, AIOps, incident response (IR) and readiness providers as effectively as Stability Functions Centre-as-a-Service (SOCaaS) to increase their inner abilities.

Additional About the 2H 2022 FortiGuard Labs Danger Landscape Report

The most current International Risk Landscape Report represents the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors collecting billions of menace activities noticed globally all through the 2nd half of 2022. The FortiGuard Labs Worldwide Danger Landscape Report employs the MITRE ATT&CK framework to explain how risk actors find vulnerabilities, construct destructive infrastructure, and exploit their targets. The report handles world-wide and regional perspectives.

 

Down load your duplicate of the 2H 2022 FortiGuard Labs Risk Landscape Report now.