iscover
ReporterShare this article on:
Powered by
MOMENTUM
MEDIA
FortiGuard has reported ransomware variants have almost doubled in the past six months, with exploit trends demonstrating the endpoint remains a target as hybrid work continues to become the norm.
According to the new FortiGuard Labs Global Threat Landscape Report, one of the main drivers for this increase in diversity is the popularity of ransomware-as-a-service (RaaS). RaaS is designed to be capable of enabling a relatively unsophisticated criminal to execute a lucrative ransomware attack.
As organisations maintain remote and hybrid working models, cyber adversaries are focused on concealing activity from endpoint security systems. Looking at the top tactics and techniques from the past six months of endpoint detection and response (EDR) telemetry, defence evasion is the top tactic employed by malware developers. Attackers are likely to use techniques like system binary proxy execution to hide malicious intentions.
Cyber affiliates are now much more sophisticated in selecting their targets. An attacker that conducts deeper pre-attack reconnaissance will lead to a campaign that is highly tailored to the victim and much more likely to succeed than a generic a "spray-and-pray model".
According to Derek Manky, chief security strategist and VP global threat intelligence at FortiGuard Labs, cyber adversaries are advancing their playbooks to thwart defence and scale their criminal affiliate networks.
"They are using aggressive execution strategies such as extortion or wiping data as well as focusing on reconnaissance tactics pre-attack to ensure better return on threat investment.
"To combat advanced and sophisticated attacks, organisations need integrated security solutions that can ingest real-time threat intelligence, detect threat patterns, and correlate massive amounts of data to detect anomalies and automatically initiate a coordinated response across hybrid networks," Manky said.
Preparation is the best way to mitigate the threat of cyber attack. The Australian Cyber Security Centre Essential Eight's advice to prevent, contain, and recover will be very effective, ensuring that even if a breach occurs, any impact is minimised and services can be effectively and quickly restored.
FortiGuard Labs Global Threat Landscape Report highlights the following:
Ransomware remains a top threat and cyber adversaries continue to invest significant resources into new attack techniques. In the past six months, FortiGuard Labs has seen a total of 10,666 ransomware variants, compared to just 5,400 in the previous six-month period. That is nearly 100 per cent growth in ransomware variants in half a year.
RaaS, with its popularity on the dark web, continues to fuel an industry of criminals forcing organisations to consider ransomware settlements. To protect against ransomware, organisations, regardless of industry or size, need a proactive approach according to FortiGuard researchers. Real-time visibility, protection, and remediation coupled with zero-trust network access and advanced endpoint detection and response are critical.
The FortiGuard Labs Global Threat Landscape 1H 2022 report has found the number of ransomware variants has almost doubled over the previous six months, Glenn Maiden, director of threat intelligence, Australia and New Zealand at Fortinet added, explaining the volume of ransomware, which spiked in 2021, has remained steady.
"This means FortiGuard Labs has seen the same amount of ransomware attacks; however, there is double the diversity of ransomware variants," Maiden said.
[Related: Xiaomi mobile payment vulnerability could facilitate forged transactions]
Be the first to hear the latest developments in the cyber industry.
