Ransomware variants almost double in six months

In the past six months, FortiGuard Labs has seen a total of 10,666 ransomware variants, compared to just 5,400 in the previous half year.

In addition ransomware-as-a-service (RaaS), with its popularity on the dark web, continues to fuel an industry of criminals forcing organizations to consider ransomware settlements.

When it comes to targets work-from-anywhere (WFA) endpoints remain an attractive way for cyber adversaries to gain access to corporate networks. Operational technology (OT) and information technology (IT) environments are also prime targets as cyber adversaries search for opportunities in the growing attack surface and IT/OT convergence.

There's also an increase in destructive and sophisticated attack techniques using malicious software that destroys data by wiping it clean. FortiGuard Labs has identified at least seven major new wiper variants in the first six months of 2022 that have been used in various campaigns against government, military, and private organisations.

Among the top eight tactics and techniques focused on the endpoint, defense evasion is the most employed tactic by malware developers. This involves attempting to hide commands using a legitimate certificate to execute a trusted process and carry out malicious intent.

"Cyber adversaries are advancing their playbooks to thwart defense and scale their criminal affiliate networks," says Derek Manky, chief security strategist and VP global threat intelligence, at FortiGuard Labs. "They are using aggressive execution strategies such as extortion or wiping data as well as focusing on reconnaissance tactics pre-attack to ensure better return on threat investment. To combat advanced and sophisticated attacks, organizations need integrated security solutions that can ingest real-time threat intelligence, detect threat patterns, and correlate massive amounts of data to detect anomalies and automatically initiate a coordinated response across hybrid networks."

In terms of defending themselves organizations need to gain a deeper understanding of the goals and tactics used by adversaries through actionable threat intelligence. Cybersecurity awareness and training are also important as the threat landscape evolves, in order to keep employees and security teams up-to-date. Organizations need security operations that can function at machine speed to keep up with the volume, sophistication, and rate of today's cyber threats too, making AI and ML-powered prevention, detection and response vital to keep up with the latest threats.

You can read more on the Fortinet blog.

Image credit: AndreyPopov/depositphotos.com