Looking back at the first half of this year, the data from our 1H 2022 FortiGuard Labs Global Threat Landscape report shows us that cybercriminals are upping their game and throwing plenty of curve balls at security and IT teams. Over the last six months, we’ve observed a higher volume of exploits. And attackers have expanded their playbook of cunning tactics, making the consequences of a successful attack more devastating than ever.
What does this mean for security and IT? With attackers seemingly subscribing to a “more is better” theory – with no signs of slowing their pace – every organization, regardless of size, is a target.
In the past, executives of smaller or mid-sized companies often assumed they had a lesser chance of being compromised, with attackers more interested in more prominent companies with presumably more valuable data to steal. Today, that mentality couldn’t be farther from the truth. Everyone’s at risk, and there’s no better time to reevaluate your security program to ensure you have the right processes and technologies to detect suspicious behavior and thwart attacks.
Recent Attack Trends to Know
Attackers are still relying on tried-and-true tactics like ransomware and process injection, but we noticed that these bad actors are increasingly going to extraordinary lengths to achieve their goals, embracing new techniques to try to fool security professionals and evade an organization’s security technologies. And cybercriminals are pursuing new levels of damage, from larger-than-usual ransomware payouts to critical infrastructure disruption.
Here are key takeaways from the report to consider as you reevaluate your organization’s risk management strategy:
Ransomware-as-a-Service (RaaS) means new (and more) variants. Ransomware remains a top threat, with attackers investing significant resources into new attack techniques. At the same time, getting hold of new ransomware variants has become easier thanks to the growth of subscription-model RaaS operations. RaaS helps explain the explosive growth in ransomware variants we detected in the first half of this year: the number of new variants was nearly double what we observed in the second half of 2021.
Trending now: More destructive malware attacks. Malware isn’t new, but attackers are now using variants like wiper malware to cause more destruction. In the first six months of 2022, FortiGuard Labs identified at least seven significant new wiper variants used by attackers in various campaigns against government, military, and private organizations. That is nearly as many as the total number of wiper variants detected over the previous ten years.
Defense evasion is an attacker’s tactic of choice. Perhaps the most unsettling news is that cybercriminals are finding new ways to avoid being caught. Our FortiGuard Labs team analyzed the functionality of detected malware strains to pinpoint the tactics and techniques they implement most often, and defense evasion ranked number one.
More endpoints, more problems. Endpoints are now even more attractive targets for cybercriminals because of the ongoing shift to remote work. Many endpoint compromises start with an unauthorized user gaining access to a single system, typically as a foothold for moving laterally across the corporate network.
Critical Recommendations for Strengthening Your Organization’s Security Posture
Based on the insights shared in our 1H 2022 FortiGuard Labs Global Threat Landscape report, there are several vital steps IT and security professionals should take now to counter this increase in attempted cyberattacks and the introduction of new attack vectors. The best news is that you can implement most of these recommendations without requesting new funding or adding headcount to your team.
First, review your basic security processes and technologies. Gone are the days when integrated security platforms, secure SD-WAN, ZTNA, and endpoint detection and response (EDR) tools – along with a team of security analysts to monitor your environment – were “nice to have” rather than essential. Today, security technologies like these are foundational for adequately protecting any environment. If you already have them, great. If not, adding these tools and the right staff to implement and monitor them should be the first thing on your to-do list.
Next, use artificial intelligence (AI) to identify and respond to sophisticated threats in real time. Monitoring for potentially malicious behavior can feel like playing a game of whack-a-mole: There’s an endless number of potential attack vectors, and your organization’s vulnerable hot spots change constantly. This is where AI comes in, as it plays a role in creating more customized, behavior-based detection rules for your environment. Its ability to correlate and analyze vast amounts of data means you end up with detections that are more attuned to your environment – which means fewer false positives and faster response times.
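The endpoint takeaway above (an unauthorized logon used as a foothold for lateral movement) and the behavior-based detection rules described in this paragraph come together in the following added example. It is not code from the report or from Fortinet: it runs a simple fan-out heuristic over constructed logon events, alerting on any (account, source address) pair that reaches more than a set number of distinct hosts inside a short window, with an allowlist for service accounts that legitimately touch many hosts. The log format, host and user names, the 10-minute window and the threshold are all assumptions.

```python
"""Flag accounts that fan out to many hosts in a short window.

Added example, not from the FortiGuard report: a behavior-based detection
for the lateral-movement pattern described above, run over constructed
log lines. The log format, names, window and threshold are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: network logons (logon_type=3), one event per line.
SAMPLE_LOG = """\
2022-06-14T10:00:05Z host=WS-017 user=jdoe src=10.0.4.21 logon_type=3 result=success
2022-06-14T10:00:40Z host=WS-018 user=jdoe src=10.0.4.21 logon_type=3 result=success
2022-06-14T10:01:10Z host=WS-019 user=jdoe src=10.0.4.21 logon_type=3 result=success
2022-06-14T10:01:55Z host=FS-01 user=jdoe src=10.0.4.21 logon_type=3 result=success
2022-06-14T10:02:10Z host=DC-01 user=jdoe src=10.0.4.21 logon_type=3 result=failure
2022-06-14T10:02:30Z host=DC-01 user=jdoe src=10.0.4.21 logon_type=3 result=success
2022-06-14T10:03:00Z host=WS-017 user=asmith src=10.0.5.8 logon_type=2 result=success
2022-06-14T10:45:00Z host=WS-020 user=asmith src=10.0.5.8 logon_type=3 result=success
2022-06-14T10:46:00Z malformed line that the parser must skip
2022-06-14T11:00:00Z host=WS-001 user=svc_backup src=10.0.1.5 logon_type=3 result=success
2022-06-14T11:00:10Z host=WS-002 user=svc_backup src=10.0.1.5 logon_type=3 result=success
2022-06-14T11:00:20Z host=WS-003 user=svc_backup src=10.0.1.5 logon_type=3 result=success
2022-06-14T11:00:30Z host=WS-004 user=svc_backup src=10.0.1.5 logon_type=3 result=success
2022-06-14T11:00:40Z host=WS-005 user=svc_backup src=10.0.1.5 logon_type=3 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"logon_type=(?P<logon_type>\d+) result=(?P<result>\w+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
    e["logon_type"] = int(e["logon_type"])
    return e


def detect_fan_out(lines, window=timedelta(minutes=10), max_hosts=4, allowlist=frozenset()):
    """Alert once per (user, src) that reaches more than max_hosts distinct hosts within window.

    Only successful network logons count. Accounts in allowlist (service
    accounts that legitimately touch many hosts) are skipped to cut false positives.
    """
    events = [e for e in map(parse_line, lines)
              if e and e["logon_type"] == 3 and e["result"] == "success"]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)   # (user, src) -> deque of (ts, host) inside the window
    alerted, alerts = set(), []
    for e in events:
        if e["user"] in allowlist:
            continue
        key = (e["user"], e["src"])
        q = recent[key]
        q.append((e["ts"], e["host"]))
        while q and e["ts"] - q[0][0] > window:   # drop events older than the window
            q.popleft()
        hosts = {h for _, h in q}
        if len(hosts) > max_hosts and key not in alerted:
            alerted.add(key)
            alerts.append({"user": e["user"], "src": e["src"],
                           "first_seen": q[0][0], "hosts": sorted(hosts)})
    return alerts


if __name__ == "__main__":
    for a in detect_fan_out(SAMPLE_LOG.splitlines(), allowlist=frozenset({"svc_backup"})):
        print(f"{a['user']} from {a['src']} reached {len(a['hosts'])} hosts "
              f"since {a['first_seen']:%H:%M:%S}: {', '.join(a['hosts'])}")
```

The rule is deliberately simple: in practice the threshold would come from a per-account baseline rather than a constant, which is the kind of tuning the paragraph attributes to AI-assisted correlation. The allowlist shows the other side of the trade-off; without it, the backup service account trips the same rule as the suspicious user.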
Find opportunities to automate your security processes. Automating security processes has significant benefits for your security team. But automation can be impossible if security tools operate in isolation. So, hand-in-glove with automation is consolidating security into a unified security platform. And while some processes will always require an analyst’s eyes on the glass, leveraging AI to help determine what you can potentially automate, like software patching or repetitive threat analysis, will be vital to your success.
Perhaps the most overlooked aspect of cybersecurity is process. Alongside updating and integrating your technology, you need to revise (or create) your incident response and business continuity plans. These to-dos often get de-prioritized, but in reality they are among the most essential activities for your team to conduct regularly. Do you have incident response and business continuity plans in place? What do they include, and when were they last updated? Think about proactive steps you can take today to guard against future attacks, like creating honeypots, conducting adversary simulations such as tabletop and red team/blue team exercises, and ensuring your online and offline backups are tested regularly by actually restoring from them.
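Of the proactive steps listed, testing backups is the one most often reduced to checking that a backup job reported success. The following added example (not from the report or from Fortinet) does the stronger check: it restores a tar.gz archive into scratch space and compares every restored file's SHA-256 against a manifest recorded at backup time, reporting missing or altered files. It also refuses archives whose members would write outside the restore directory. The archive layout, the JSON manifest and the sample files are assumptions.

```python
"""Restore-test a backup archive against a SHA-256 manifest.

Added example, not part of the FortiGuard report. Layout (tar.gz plus a
JSON manifest written at backup time) and the sample files are assumptions.
"""
import hashlib
import json
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def create_backup(src_root, archive, manifest_path):
    """Archive src_root as tar.gz and record the manifest beside it."""
    manifest = build_manifest(src_root)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src_root, arcname=".")
    Path(manifest_path).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def _safe_members(tar):
    """Reject absolute names, '..' components and links (tar-slip guard)."""
    for m in tar.getmembers():
        if Path(m.name).is_absolute() or ".." in Path(m.name).parts or m.issym() or m.islnk():
            raise ValueError(f"unsafe member in archive: {m.name}")
        yield m


def verify_restore(archive, manifest):
    """Restore into scratch space and diff file hashes against the manifest.

    Returns (ok, problems). An archive that exists but cannot be restored
    intact is reported as a failure, which is the point of the exercise.
    """
    # Use the stdlib 'data' extraction filter where this Python provides it.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                tar.extractall(scratch, members=list(_safe_members(tar)), **extra)
        except (tarfile.TarError, OSError, ValueError) as exc:
            return False, [f"restore failed: {exc}"]
        restored = build_manifest(scratch)
    problems = []
    for rel, digest in sorted(manifest.items()):
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"hash mismatch: {rel}")
    problems += [f"unexpected file in archive: {rel}" for rel in sorted(set(restored) - set(manifest))]
    return not problems, problems


def run_scenarios():
    """Constructed data: a clean backup, a stale manifest, and a tar-slip archive."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "src"
        (src / "docs").mkdir(parents=True)
        (src / "db").mkdir()
        (src / "docs" / "policy.txt").write_text("incident response plan v3\n")
        (src / "db" / "dump.sql").write_bytes(b"INSERT INTO t VALUES (1);\n")
        archive = work / "backup.tar.gz"
        manifest = create_backup(src, archive, work / "backup.manifest.json")
        results = {"clean": verify_restore(archive, manifest)}

        # Manifest from a later snapshot: one file changed, one file was never captured.
        stale = dict(manifest, **{"docs/policy.txt": "0" * 64, "db/keys.pem": "1" * 64})
        results["stale"] = verify_restore(archive, stale)

        # An archive whose member would land outside the restore directory.
        slip = work / "slip.tar.gz"
        with tarfile.open(slip, "w:gz") as tar:
            tar.add(src / "docs" / "policy.txt", arcname="../escape.txt")
        results["slip"] = verify_restore(slip, {})
        return results


if __name__ == "__main__":
    for name, (ok, problems) in run_scenarios().items():
        print(f"{name}: {'OK' if ok else 'FAIL'} {problems}")
```

Run this on a schedule against the most recent archive of each backup set, offline copies included, and treat any non-empty problem list as an incident-response finding: a backup you cannot restore bit-for-bit is the one the ransomware playbook above is counting on.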
This is the time to make critical changes
Attackers are only getting more creative, with accessible services like RaaS and new attack variants making it easier to carry out an attack. Security and IT teams must adjust their strategies now if they hope to stay one step ahead. Staying educated about new attack tactics and techniques and enhancing your organization’s defenses is the best first step forward.
Subscribe to the Fortinet blog for valuable takeaways from this research as the FortiGuard Labs team examines topics from the report in upcoming weeks.