Unveiling the Cybersecurity Landscape: FortiGuard Labs’ 1H 2023 Threat Report

Discover the latest cybersecurity trends and threats in FortiGuard Labs’ Global Threat Landscape Report for 1H 2023.

Fortinet®, a leading global cybersecurity company focused on the convergence of networking and security, has unveiled the latest semiannual Global Threat Landscape Report from FortiGuard Labs. The report for the first half of 2023 reveals several notable trends, including a decline in ransomware detections, increased activity among advanced persistent threat (APT) groups, shifts in attacker techniques following the MITRE ATT&CK framework, and more. The comprehensive analysis can be found in the 1H 2023 Global Threat Landscape Report.

Key highlights from the report include:

  1. Decrease in Ransomware Detection: FortiGuard Labs has identified a drop in ransomware detections in the first half of 2023, with only 13% of organizations detecting ransomware, down from 22% five years ago. This trend reflects the growing sophistication of attackers who are now favoring more targeted attacks to maximize their return on investment (ROI). Although the volume of ransomware detections has increased compared to the end of 2022, it remains on a downward trajectory when viewed year-over-year.
  2. Focus on High-Risk Vulnerabilities: Malicious actors are 327 times more likely to target vulnerabilities with a high EPSS (Exploit Prediction Scoring System) score within seven days compared to other Common Vulnerabilities and Exposures (CVEs). This highlights the importance of promptly addressing high-severity vulnerabilities to mitigate exploitation risks.
  3. APT Group Activity: The report tracks the activity of APT groups and reveals that 30% of the 138 cyberthreat groups monitored by MITRE were active in the first half of 2023. Notable groups, including Turla, StrongPity, Winnti, OceanLotus, and WildNeutron, were highly active based on malware detections. The report suggests that the evolving landscape of APT and nation-state cyber groups will continue to be a significant focus in future reports.
  4. Surge in Unique Exploits: FortiGuard Labs detected over 10,000 unique exploits in the first half of 2023, marking a 68% increase compared to five years ago. While the volume of attacks has risen, there has been a 75% reduction in exploitation attempts per organization over the same period, indicating more targeted and sophisticated attacks.
  5. Malware Variants and Botnet Persistence: The report highlights a 135% increase in malware families affecting over 10% of global organizations. Botnet activity has also risen by 27%, with an alarming 1,000-fold increase in the average duration of botnets’ presence within networks compared to five years ago, posing greater risks to businesses.

To combat these evolving threats, Fortinet emphasizes the need for a collaborative and intelligence-sharing approach within the cybersecurity industry. FortiGuard Labs continues to contribute to the global threat intelligence community, providing tools and knowledge to strengthen organizations’ defenses against cybercrime. Fortinet’s commitment to innovation, including the application of artificial intelligence (AI) in cybersecurity, further enhances protection against both known and unknown threats.

Fortinet, a leader in enterprise-class cybersecurity and networking solutions, secures a broad range of organizations worldwide, including global enterprises, service providers, and government agencies. Its AI-powered security services, deployed across endpoints and cloud infrastructure, play a crucial role in threat detection and response. Fortinet also offers centralized response tools to disrupt cybercrime effectively across the entire attack surface.

Singapore, Q2 2023:

The latest findings from FortiGuard Labs highlight Excel and MSIL malware variants as the predominant cybersecurity threats in the Asia-Pacific (APAC) region during the second quarter of 2023. These malware types are notable for their adaptability and versatility in creating malicious software. Excel malware is frequently distributed through phishing emails with malicious macros, while MSIL (Microsoft Intermediate Language) poses a high threat due to its modifiability.

In Singapore, FortiGuard Labs detected a substantial 18,470,207 instances of viruses during this period, with the JS/Cryxos virus experiencing a 4.9% growth within the quarter.

Additionally, botnet activities posed significant challenges in the first quarter of 2023, with Mirai, Ghost Rat, Bladabindi, and RotaJakiro botnets responsible for various malicious activities, including DDoS attacks, credential harvesting, and data exfiltration. A total of 5,884,484 botnet attacks were recorded, with Mirai being the most prominent, representing 19.64% of all observed botnet activity, followed closely by Gh0st.Rat with a 19% growth rate within the same quarter.

These findings underscore the importance of maintaining strong cybersecurity defenses in Singapore, emphasizing timely patching and robust security measures to counter evolving threats effectively.

Report Overview:

The Global Threat Landscape Report from FortiGuard Labs provides insights derived from extensive data collected during the first half of 2023. This report, utilizing the MITRE ATT&CK framework to classify adversary tactics, techniques, and procedures, offers a comprehensive view of how threat actors target vulnerabilities, establish malicious infrastructure, and exploit their targets.

Meet with Fortinet at Black Hat USA:

Fortinet invites attendees to meet their team of experts at booth #1240 during Black Hat USA. They will showcase a wide range of products, services, and threat intelligence and response solutions to enhance cybersecurity defenses. Further information can be found in the accompanying blog.

In an ever-evolving landscape of digital threats, the insights presented in FortiGuard Labs’ Global Threat Landscape Report for the first half of 2023 serve as a critical beacon for organizations worldwide. These findings underscore the imperative need for collaborative efforts, timely patching, and the deployment of cutting-edge security measures to protect against an array of cyber threats. As we move forward, the cybersecurity industry’s dedication to intelligence sharing, innovation, and a unified approach will be pivotal in disrupting cybercrime and ensuring a safer digital future. Fortinet remains at the forefront of this mission, committed to empowering organizations with the tools, knowledge, and support needed to counter both known and emerging threats, ultimately leading the way in safeguarding the digital world.