The latest release from FortiGuard Labs, the 2H 2023 Global Threat Landscape Report, provides an in-depth analysis of the current state of cybersecurity, revealing a rapid adaptation of threat actors to exploit newly disclosed vulnerabilities. This alarming trend underscores the evolving challenges facing both vendors and customers in the digital security arena.
The report, issued by global cybersecurity solutions provider Fortinet, details an alarming acceleration in the speed at which cyber attackers are exploiting vulnerabilities. Newly identified exploits are being leveraged in attacks just 4.76 days after disclosure, a 43% increase in speed from the first half of 2023. This statistic points to a growing need for more rigorous security measures throughout the product development life cycle and more transparent vulnerability disclosures by vendors.
According to Derek Manky, Chief Security Strategist and Global VP of Threat Intelligence at FortiGuard Labs, the report sheds light on the urgent need for vendors to detect and patch vulnerabilities before they can be exploited. “With over 26,447 vulnerabilities recorded across more than 2,000 vendors in 2023 as cited by NIST, it’s critical for customers to adopt a strict patching regimen to mitigate the risk of these vulnerabilities being exploited,” Mr. Manky emphasized.
Long-Standing Unpatched Vulnerabilities
The findings also highlight the troubling longevity of some vulnerabilities, with data showing that 98% of organizations encountered exploits linked to vulnerabilities that have been known for at least five years, and some have remained unpatched for over 15 years. This underscores a persistent gap in security hygiene and the necessity for organizations to enhance their updating and patching strategies consistently.
In an era of decreasing generic ransomware attacks, which saw a 70% drop in detections, the focus has shifted towards more targeted ransomware and wiper campaigns, particularly in sectors like energy, healthcare, manufacturing, transportation, and automotive. This shift indicates a move from broad, scattershot tactics to more calculated, sector-specific approaches.
The report also addresses the resilience of botnets, noting that prominent networks like Gh0st, Mirai, and ZeroAccess continue to operate robustly, alongside emerging threats like AndroxGh0st, Prometei, and DarkGate. It typically takes around 85 days for command and control communications of these botnets to cease following detection, pointing to their stubborn persistence and the continuous challenge they pose to cybersecurity defenses.
On the global stage, the report identified activity from 38 of the 143 advanced persistent threat (APT) groups tracked by MITRE during the latter half of 2023. Among the most active were notable groups like Lazarus Group and OilRig, whose targeted and relatively short-lived campaigns contrast with the more prolonged operations typical of other cybercriminal groups.
Dark Web
The dark web also remains a significant area of concern, as evidenced by discussions tracked by FortiRecon, Fortinet’s digital risk protection service. The forums reveal targeted discussions around the finance, business services, and education sectors. Alarmingly, over 3,000 data breaches were shared across prominent dark web forums, with 221 vulnerabilities actively discussed. This digital underworld marketplace also saw the advertising of over 850,000 payment cards for sale, highlighting the scale and depth of the cybercrime ecosystem.
Overall, the FortiGuard Labs report paints a picture of a rapidly evolving threat landscape where the quickness of threat actor responses to vulnerabilities poses significant risks. It emphasizes the crucial roles that both vendors and customers play in maintaining cybersecurity resilience, calling for a combined effort to advance security practices and reduce vulnerability to attacks.
