FortiGuard Labs’ 2H 2023 Global Threat Landscape Report highlights the need for vendors to adhere to vulnerability disclosure best practices and for organizations to improve cyber hygiene and patch management.
Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, has announced the release of the FortiGuard Labs 2H 2023 Global Threat Landscape Report. This latest semi-annual report provides a comprehensive snapshot of the active threat landscape, highlighting trends from July to December 2023. The report includes an analysis of the rapid exploitation of newly identified vulnerabilities across the cybersecurity industry and the increasing incidence of targeted ransomware and wiper activity against the industrial and operational technology (OT) sectors.
Key findings from the second half of 2023 include:
- Attacks started on average 4.76 days after new exploits were publicly disclosed: As in the 1H 2023 Global Threat Landscape Report, FortiGuard Labs sought to determine how long it takes for a vulnerability to move from initial release to exploitation, whether vulnerabilities with a high Exploit Prediction Scoring System (EPSS) score get exploited faster, and whether the average time-to-exploitation can be predicted from EPSS data. Based on this analysis, the second half of 2023 saw attackers increase the speed with which they capitalized on newly publicized vulnerabilities (43% faster than in 1H 2023). This highlights the need for vendors to invest in discovering vulnerabilities internally and developing a patch before exploitation can occur, reducing the window for 0-day exploitation. It also reinforces that vendors must proactively and transparently disclose vulnerabilities to customers so that they have the information needed to protect their assets before adversaries can exploit N-day vulnerabilities.
- Some N-Day vulnerabilities remain unpatched for 15+ years: It’s not just newly identified vulnerabilities that CISOs and security teams must worry about. Fortinet telemetry found that 41% of organizations detected exploits from signatures less than one month old and nearly every organization (98%) detected N-Day vulnerabilities that have existed for at least five years. FortiGuard Labs also continues to observe threat actors exploiting vulnerabilities that are more than 15 years old, reinforcing the need to remain vigilant about security hygiene and a continued prompt for organizations to act quickly through a consistent patching and updating program, employing best practices and guidance from organizations such as the Network Resilience Coalition to improve the overall security of networks.
- Less than 9% of all known endpoint vulnerabilities were targeted by attacks: In 2022, FortiGuard Labs introduced the concept of the “red zone,” which helps readers better understand how likely it is that threat actors will exploit specific vulnerabilities. To illustrate this point, the last three Global Threat Landscape Reports have examined the total number of vulnerabilities affecting endpoints. In 2H 2023, research found that 0.7% of all CVEs (Common Vulnerabilities and Exposures) observed on endpoints are actually under attack, revealing a much smaller active attack surface on which security teams can focus and prioritize remediation efforts.
- 44% of all ransomware and wiper samples targeted the industrial sectors: Across all of Fortinet’s sensors, ransomware detections dropped by 70% compared to the first half of 2023. The observed slowdown in ransomware over the last year can best be attributed to attackers shifting away from the traditional “spray and pray” strategy to more of a targeted approach, aimed largely at the energy, healthcare, manufacturing, transportation and logistics, and automotive industries.
- Botnets showed incredible resiliency, taking on average 85 days for command and control (C2) communications to cease after first detection: While bot traffic remained steady relative to the first half of 2023, FortiGuard Labs continued to see the more prominent botnets of the last few years, such as Gh0st, Mirai, and ZeroAccess, but three new botnets emerged in the second half of 2023, including: AndroxGh0st, Prometei, and DarkGate.
- 38 of the 143 advanced persistent threat (APT) groups listed by MITRE were observed to be active during 2H 2023: Intelligence from FortiRecon, Fortinet’s digital risk protection service, indicates that 38 of the 143 groups that MITRE tracks were active in 2H 2023. Of those, Lazarus Group, Kimsuky, APT28, APT29, Andariel, and OilRig were the most active. Given the targeted nature and relatively short-lived campaigns of APT and nation-state groups, compared with the long-running, drawn-out campaigns of cybercriminals, the evolution and volume of activity in this area is something FortiGuard Labs will track on an ongoing basis.
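The time-to-exploitation, N-day backlog and “red zone” findings above all reduce to the same defender question: of the CVEs actually present on my endpoints, which are being exploited, how quickly, and which should be patched first? The following is an added example (not code from the report or from Fortinet) that computes those measures over a small set of constructed vulnerability records; the record fields, the `CVE-XXXX-NNNN` placeholder identifiers, the EPSS values and the helper names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass
class VulnRecord:
    """One CVE as seen from a defender's own scanner and sensor data (constructed)."""
    cve_id: str
    disclosed: date                  # public disclosure date
    first_exploited: Optional[date]  # first observed in-the-wild exploitation, None if never
    epss: float                      # EPSS probability of exploitation (0.0 .. 1.0), assumed value
    present_on_endpoints: bool       # our vulnerability scan found it on at least one endpoint
    exploit_detected: bool           # our IPS/EDR saw an attack against it


# Constructed sample data; identifiers are placeholders, not real CVEs.
SAMPLE: List[VulnRecord] = [
    VulnRecord("CVE-XXXX-0001", date(2023, 7, 3), date(2023, 7, 6), 0.92, True, True),
    VulnRecord("CVE-XXXX-0002", date(2023, 8, 14), date(2023, 8, 21), 0.61, True, False),
    VulnRecord("CVE-XXXX-0003", date(2023, 9, 1), None, 0.04, True, False),
    VulnRecord("CVE-XXXX-0004", date(2016, 2, 10), date(2016, 3, 1), 0.30, True, True),
    VulnRecord("CVE-XXXX-0005", date(2023, 11, 20), None, 0.11, False, False),
]


def time_to_exploit_days(records: List[VulnRecord]) -> List[int]:
    """Days from disclosure to first observed exploitation, for exploited CVEs only."""
    return [(r.first_exploited - r.disclosed).days
            for r in records if r.first_exploited is not None]


def mean_time_to_exploit(records: List[VulnRecord]) -> float:
    """Average disclosure-to-exploitation delay; the report's headline metric."""
    days = time_to_exploit_days(records)
    return sum(days) / len(days) if days else 0.0


def red_zone(records: List[VulnRecord]) -> List[VulnRecord]:
    """CVEs that are both present on our endpoints and actually under attack."""
    return [r for r in records if r.present_on_endpoints and r.exploit_detected]


def red_zone_ratio(records: List[VulnRecord]) -> float:
    """Share of endpoint-resident CVEs that are under attack (the 'red zone' fraction)."""
    present = [r for r in records if r.present_on_endpoints]
    return len(red_zone(records)) / len(present) if present else 0.0


def n_day_backlog(records: List[VulnRecord], today: date, min_years: int = 5) -> List[VulnRecord]:
    """Old, still-unpatched CVEs on our endpoints: disclosed at least min_years ago."""
    return [r for r in records
            if r.present_on_endpoints
            and (today - r.disclosed).days / 365.25 >= min_years]


def patch_priority(records: List[VulnRecord]) -> List[VulnRecord]:
    """Remediation order for endpoint-resident CVEs: observed attacks first,
    then higher EPSS score, then older disclosure (longest exposure)."""
    candidates = [r for r in records if r.present_on_endpoints]
    return sorted(candidates,
                  key=lambda r: (not r.exploit_detected, -r.epss, r.disclosed))


if __name__ == "__main__":
    print("mean time-to-exploit (days):", mean_time_to_exploit(SAMPLE))
    print("red zone:", [r.cve_id for r in red_zone(SAMPLE)],
          "ratio:", red_zone_ratio(SAMPLE))
    print("5+ year N-day backlog:",
          [r.cve_id for r in n_day_backlog(SAMPLE, date(2023, 12, 31))])
    print("patch order:", [r.cve_id for r in patch_priority(SAMPLE)])
```

The sort key in `patch_priority` encodes the report's argument: a CVE your own sensors have seen attacked outranks any EPSS estimate, EPSS then separates the rest, and disclosure age breaks ties so that long-lived N-day vulnerabilities are not left at the bottom of the queue indefinitely. Feeding real scanner and IPS exports into `VulnRecord` instead of the constructed list is the only change needed to apply it.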
Dark Web Discourse
The 2H 2023 Global Threat Landscape Report also encompasses insights from FortiRecon, providing insight into the dialogue among threat actors across dark web forums, marketplaces, Telegram channels, and other platforms. Some key findings include:
- Threat actors discussed targeting organizations within the finance industry most often, followed by the business services and education sectors.
- More than 3,000 data breaches were shared on prominent dark web forums.
- 221 vulnerabilities were actively discussed on the darknet, while 237 vulnerabilities were discussed on Telegram channels.
- Over 850,000 payment cards were advertised for sale.
Turning the Tide Against Cybercrime
As the attack surface continually expands and the cybersecurity industry faces a widespread shortage of skilled professionals, businesses find it increasingly difficult to manage complex infrastructures comprised of disparate solutions. Keeping pace with the influx of alerts from various products and the diverse tactics employed by threat actors to compromise their targets presents an additional challenge.
To combat cybercrime effectively, a culture of collaboration, transparency, and accountability is imperative on a broader scale than individual organizations within the cybersecurity realm. Every entity plays a role in disrupting cyber threats. Fortinet emphasizes collaboration with esteemed organizations from both the public and private sectors, including CERTs (Cybersecurity Emergency Response Teams), governmental bodies, and academia, as a fundamental aspect of its commitment to bolster global cyber resilience.
Continuous technology innovation and collaboration across industries and working groups, such as the Cyber Threat Alliance, Network Resilience Coalition, Interpol, the World Economic Forum (WEF) Partnership Against Cybercrime, and WEF Cybercrime Atlas, are vital in collectively enhancing protections and combating cybercrime worldwide.
Rashish Pandey, Vice President of Marketing and Communications, Asia & ANZ
The 2H 2023 Global Threat Landscape Report from FortiGuard Labs highlights the alarming pace at which threat actors are capitalizing on newly disclosed vulnerabilities. In this dynamic landscape, vendors and customers in Southeast Asia play pivotal roles. Vendors are tasked with ensuring robust security across the product lifecycle and fostering transparency in vulnerability disclosures. As cybersecurity threats evolve in complexity, embracing a platform-centric approach fueled by AI is essential. This strategy consolidates security tools, improves operational efficiency, and facilitates swift adaptation to emerging threats, empowering organizations to construct resilient and future-ready cybersecurity defenses.
Alan Reyes, Country Manager, The Philippines
The changing threat landscape in the Philippines calls for a transition to a platform-centric cybersecurity approach. Traditional, fragmented solutions are inadequate for managing the array of technologies, hybrid work models, and IT/OT integration prevalent in contemporary networks. Fortinet’s AI-driven, unified security and network platform addresses these challenges by delivering comprehensive threat protection, automated vulnerability management, and simplified operations. This integrated approach not only minimizes costs and operational intricacies but also enables organizations to swiftly respond to emerging threats, establishing resilient and future-ready cybersecurity operations.
Additional Resources
- Read the blog for valuable takeaways from this research, or access the full report.
- Learn more about FortiGuard Labs threat intelligence and research and Outbreak Alerts, which provide timely steps to mitigate breaking cybersecurity attacks.
- Learn about Fortinet’s free cybersecurity training, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs.
- Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.
- Visit fortinet.com/trust to learn more about Fortinet innovation, collaboration partners, product security processes, and enterprise-grade products that contribute to delivering proven cybersecurity, everywhere you need it.
- Learn more about Fortinet’s commitment to product security and integrity, including its responsible product development and vulnerability disclosure approach and p