Threat landscape trends: Faster cybercriminals, unpatched vulnerabilities and less ransomware
June 2024 by Dave Spillane, Systems Engineer Director at Fortinet
With the threat landscape changing at an unparalleled pace, consistent monitoring of it is vital if businesses are to stay ahead of innovative cybercriminals. With analysis showing a range of recent developments in the landscape, including a rise in sophisticated attacks on critical industries, our FortiGuard Labs team produced its Global Threat Landscape Report to find out how things are changing.
We talk about some of the trends this research found, as well as the impact of these trends on organisations globally:
Firstly, there has been substantial activity among APT groups. 38 of the 143 APT groups listed by MITRE have been observed to be active, the most active being Lazarus Group, Kimsuky, APT28, APT29, Andariel and OilRig. Fast evolving and highly adaptable to changes in the digital landscape, these groups are becoming increasingly stealthy, carefully planning and executing their attacks. Precautions against this must be taken.
Attacks started, on average, 4.76 days after new exploits were publicly disclosed, 43% faster than in H1 2023. Given how long it has traditionally taken to move a vulnerability from initial release to exploitation, this trend shows a clear increase in the speed at which cybercriminals are capitalising on newly publicised vulnerabilities.
It also shines a light on the necessity for vendors to dedicate themselves to internally discovering vulnerabilities and quickly developing patches before they can be exploited. With less than five days between a vulnerability being publicly disclosed and it being exploited, speed is of the utmost importance and organisations need to be working faster than ever to protect themselves.
The report also discovered that some N-day vulnerabilities have remained unpatched for 15+ years, reminding CISOs and security teams that it is not just newly identified vulnerabilities businesses must worry about. 41% of organisations detected exploits from signatures less than one month old, and nearly every organisation (98%) detected N-day vulnerabilities that have existed for at least five years. Threat actors were also observed exploiting vulnerabilities more than 15 years old.
This reinforces the need for organisations to remain vigilant about security hygiene. It’s also a prompt for them to act quickly through a consistent patching and updating programme and employ best practices and guidance from third-party organisations, such as the Network Resilience Coalition. Doing so will improve the overall security of networks.
We also found that less than 9% of all known endpoint vulnerabilities were targeted by attacks, and only 0.7% of all CVEs observed on endpoints were under attack: a much smaller active attack surface for security teams to focus on than many think. While this is positive, remember that endpoints are still the red zone and need to remain under monitoring and protection.
Finally, we found that ransomware is slowing in industrial sectors. Positively, across Fortinet’s sensors, ransomware detections dropped by 70% compared to H1 2023. This slowdown can be attributed to attackers shifting away from more traditional, broad approaches to attacks towards those that are more targeted. This is especially a concern for the industries most at risk: energy, healthcare, manufacturing, transportation and logistics, and automotive.
While these findings are important, what exactly do they mean for organisations?
Threats are moving, times are changing and the tide needs to be turned against cybercrime. Doing so, however, requires a culture of collaboration, transparency and accountability on a larger scale than individual organisations can provide alone. Vulnerabilities need to be patched, awareness of nation-state threats improved, and ransomware and endpoint vulnerabilities still protected against.
Also, organisations need to understand that every single one of them has a place in the chain of disruption against cyberthreats, and that collaboration with high-profile and well-respected organisations in both the public and private sectors – including CERTs, government entities and academia – is fundamental to improving global cyber resiliency.