Organizations detecting ransomware decline as the volume and impact of targeted attacks continue to rise

FortiGuard Labs recently announced the latest semiannual Global Threat Landscape Report that observed a decline in organizations detecting ransomware, significant activity among advanced persistent threat (APT) groups, a shift in MITRE ATT&CK techniques used by attackers, and much more.

While organizations continue to find themselves in a reactive position due to the growing sophistication of malicious actors and the escalation of targeted attacks, ongoing analysis of the threat landscape in the 1H 2023 Global Threat Landscape Report helps provide valuable intelligence that can serve as an early warning system of potential threat activity and help security leaders prioritize their security strategy and patching efforts. Highlights of the report follow:

Organizations detecting ransomware are on the decline: FortiGuard Labs found that 13% fewer organizations detected ransomware in the first half of 2023 compared to 22% this time 5 years ago. Research also found that the volume of ransomware detections continues to be volatile, closing 1H 2023 13x higher than the end of 2022 but still on a downward trend overall when comparing year-over-year.

Malicious actors are 327x more likely to attack top EPSS vulnerabilities: Since its inception, Fortinet has been a core contributor of exploitation activity data in support of the Exploit Prediction Scoring System (EPSS). This project aims to leverage a myriad of data sources to predict the likelihood and when a vulnerability will be exploited in the wild. FortiGuard Labs analyzed six years of data spanning more than 11,000 published vulnerabilities that detected exploitation and found that the Common Vulnerabilities and Exposures (CVEs) categorized with a high EPSS score (top 1% severity) are 327x more likely to be exploited within seven days than any other vulnerability.

The Red Zone continues to help CISOs prioritize patching efforts: In the second half of 2022, the Red Zone was around 8.9%, meaning that about 1,500 CVEs of the more than 16,500 known CVEs were observed under attack. In the first half of 2023, that number dropped slightly to 8.3%. Like the EPSS analysis above, FortiGuard Labs continues to invest in more effective ways to help organizations prioritize and more quickly close vulnerabilities.

Nearly 1/3 of APT groups were active in 1H 2023: For the first time in the history of the Global Threat Landscape Report, FortiGuard Labs tracked the number of threat actors behind the trends. Research revealed that 41 (30%) of the 138 cyberthreat groups MITRE tracks were active in the 1H 2023. Of those, Turla, StrongPity, Winnti, OceanLotus, and WildNeutron were the most active based on malware detections. Given the targeted nature and relatively short-lived campaigns of APT and nation-state cyber groups compared to the long life and drawn-out campaigns of cybercriminals, the evolution and volume of activity in this area will be something to look forward to in future reports.

FortiGuard Labs’ contributions to the threat intelligence community over the last decade have made significant impacts around the globe, helping to improve protections for customers, partners, and governments in their fight against cybercrime.

Derek Manky, Chief Security Strategist & Global VP Threat Intelligence, FortiGuard Labs shared: “Disrupting cybercrime is a global effort that comprises strong, trusted relationships and collaboration across public and private sectors, as well as investing in AI-powered security services that can help overwhelmed security teams coordinate actionable threat intelligence in real-time across their organization. As a leader in enterprise-class cybersecurity and networking innovation, Fortinet helps secure over half a million organizations worldwide, including global enterprises, service providers, and government organizations. Of note, Fortinet’s ongoing development of artificial intelligence (AI) applied to cybersecurity use cases, in both our FortiGuard Labs and product portfolio, is speeding the prevention, detection, and response to known and unknown threats".

The Global Threat Landscape Report is a view representing the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors collecting billions of threat events observed around the world during the first half of 2023. Using the MITRE ATT&CK framework, which classifies adversary tactics, techniques, and procedures, the FortiGuard Labs Global Threat Landscape Report describes how threat actors target vulnerabilities, build malicious infrastructure, and exploit their targets.