The expanded attack surface created by hybrid workers and learners, both inside and outside the traditional network, remains. To destabilize the cybercriminal ecosystem in the second half of 2021, law enforcement and the public and private sectors must work together.
Highlights of the 1H 2021 report follow:
1) Data from FortiGuard Labs shows that average weekly ransomware activity in June 2021 was tenfold higher than a year earlier, a clear year-on-year increase. Attacks damaged several firms' supply chains, affecting daily life, productivity, and commerce. Businesses in the telecoms sector were the most extensively targeted. The shift in strategy from email-based payloads to gaining and selling initial access into business networks shows how Ransomware-as-a-Service (RaaS) is fueling cybercrime. The main message is that ransomware remains a serious threat to all businesses, regardless of size. A zero-trust access approach, network segmentation, and encryption are required to secure environments.
2) One in Four Organizations Detect Malvertising: This graph demonstrates the rise of deceptive social-engineering malvertising and scareware. In particular, the Cryxos family was detected by more than one-fourth of companies. Many of these detections are undoubtedly part of larger JavaScript campaigns that are considered malicious. The hybrid work reality has clearly inspired cybercriminals to exploit it, aiming both to scare and to extort. Increased cybersecurity awareness is critical to avoiding scareware and malvertising techniques.
3) Attackers Push Botnets to the Limit: The prevalence of botnet detections increased. Thirty-five percent of firms detected botnet activity at the start of the year, rising to 51 percent six months later. Overall botnet activity increased in June due to a substantial rise in TrickBot activity. TrickBot began as a banking trojan but has evolved into a complex multi-stage toolkit supporting a variety of criminal activities. Mirai surpassed Gh0st in early 2020 and remained dominant into 2021. Mirai has continued to develop new cyberweapons, but its dominance is largely due to criminals seeking to compromise Internet-of-Things (IoT) equipment used by remote workers or students. Gh0st is also active, allowing attackers to take complete control of infected systems, capture live webcam and microphone feeds, and download files. After a year of remote work and learning, cybercriminals continue to target our changing daily behaviors. Organizations need zero-trust access options to secure networks and applications from IoT endpoints and devices.
4) Cybercrime Disruption Reduces Threat Volumes: In cybersecurity, not every action has an immediate or lasting effect, but certain events in 2021 bode well for defenders. In June, the creator of TrickBot was charged with various crimes. To counter cybercrime, cyber defenders, including governments and law enforcement worldwide, took coordinated action against Emotet, one of the most prolific malware operations in recent history. The media attention certain attacks received also prompted some ransomware operators to announce their closure. According to FortiGuard Labs, threat activity slowed after the Emotet takedown. After the Emotet botnet was shut down, TrickBot and Ryuk activity continued, but at a reduced level. These instances show how difficult it is to eliminate cyberthreats or hostile supply lines quickly, but they are nonetheless significant.
5) Cybercriminals' Favorite Defense Evasion and Privilege Escalation Techniques: Studying higher-resolution threat intelligence gives significant insight into current attack strategies. FortiGuard Labs detonated malware samples to observe the effect cyber adversaries intended. The outcome was a list of the actions the malware would have taken if executed in target environments. This shows that attackers sought to escalate privileges, evade defenses, move between systems, and exfiltrate compromised data. For example, 55% of observed privilege escalation used hooking and 40% used process injection. The takeaway is that defense evasion and privilege escalation are clearly emphasized. Although these approaches are not new, knowing which ones dominate leaves defenders better prepared for future attacks. Integrated, AI-driven platform approaches with actionable threat intelligence are required to defend all edges and to identify and remediate evolving threats in real time.
Partnership, Training, and AI-powered Prevention, Detection, and Response Are Vital
While government and law enforcement agencies have taken action against cybercrime in the past, the first half of 2021 could be a game-changer in terms of momentum for the future. They are working with industry vendors, threat intelligence organizations, and other global partnership organizations to combine resources and real-time threat intelligence and take direct action against cyber adversaries. Regardless, automated threat detection and AI remain essential to enable organizations to address attacks in real time and to mitigate them at speed and scale across all edges. In addition, cybersecurity user awareness training is as important as ever, since anyone can be a target of cyberattacks. Everyone needs regular instruction on best practices to keep individual employees and the organization secure.
This latest Global Threat Landscape Report represents the collective intelligence of FortiGuard Labs, drawn from Fortinet's vast array of sensors collecting billions of threat events observed around the world during the first half of 2021. Just as the MITRE ATT&CK framework classifies adversary tactics, techniques, and procedures, with its first three groupings spanning reconnaissance, resource development, and initial access, the FortiGuard Labs Global Threat Landscape Report uses this model to describe how threat actors find vulnerabilities, build malicious infrastructure, and exploit their targets. The report also covers global and regional perspectives.