Other Report Highlights - Global Threat Landscape Report

OT Not Under IT's Shadow Anymore

Operational Technology (OT) may not get the same attention as IT, but its connection to our physical world, including critical infrastructure, means that a disruption can impact lives long after the workday is over. FortiGuard Labs has documented steady interest from threat actors in identifying OT vulnerabilities and then building them into exploit tools. The result is that script kiddies are now at least as likely to find your exposed OT devices as APT groups focused explicitly on exploiting unprotected and unpatched ICS.

It's Not All Bad News

Cybersecurity is a long game, and not all actions have an immediate effect. But increasing pressure from critical voices is having an impact. In response to escalating ransomware incidents and their threat to the safety and security of the American people, the White House has announced the formation of a cross-government task force to develop and coordinate defensive and offensive measures against ransomware. At the same time, groups like Interpol and the World Economic Forum's Centre for Cybersecurity have begun international dialogues on overcoming geopolitical limitations to enable more and better cooperation to detect and stop threats and cybercriminal organizations. Public-private actions taken in the first half of 2021 may be a game-changer. Public sector organizations are now partnering with industry vendors, threat intelligence organizations, and global organizations to combine resources and real-time threat intelligence to take direct action against cyber adversaries. Fortinet is proud to play an active role in many of these activities.

Some results of this cooperation were the coordinated takedown of Emotet, one of the most prolific malware operations in recent history, and the disruption of the Egregor, NetWalker, and Cl0p ransomware operations, which represent significant wins by global governments and law enforcement to curb cybercrime. Also encouraging was the voluntary exit of cybercrime groups such as DarkSide, Avaddon, and Ziggy, and the refusal by some underground forums to deal in ransomware in the aftermath of the Colonial Pipeline attack. In addition, the original developer of TrickBot was arraigned on multiple charges in June. This response to increased pressure from crucial players represents a significant step forward in government and law enforcement efforts to curb cybercrime.

But this cooperation also needs to be combined with advances in technology and threat intelligence. FortiGuard Labs has begun analyzing the specific functionality inherent to detected malware by detonating threat samples to determine their intended objectives. The result is a list of adverse outcomes that current malware is designed to accomplish, including escalating privileges, evading defenses, moving laterally across internal systems, and exfiltrating compromised data.

Documenting this higher-resolution threat intelligence reveals valuable takeaways about how attack techniques are currently evolving, which organizations can use to better secure their critical digital resources. For example, 55% of observed privilege escalation functionality leveraged hooking, and 40% utilized process injection. The takeaway is that cybercriminals are focusing specifically on defense evasion and privilege escalation tactics.
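The kind of statistic quoted above comes from aggregating per-sample sandbox detonation results into tactic-level technique prevalence. The following is an added illustration, not FortiGuard Labs tooling or data: the behaviour labels, the behaviour-to-tactic mapping and the twenty sample reports are all constructed, and "prevalence" here is assumed to mean the share of samples exhibiting a tactic that used a given technique (the report does not define its denominator).

```python
"""Aggregate behaviours observed in sandbox detonations into per-tactic
technique prevalence, e.g. "55% of privilege-escalation functionality
used hooking".

Hypothetical example: the behaviour labels, the mapping and the sample
reports are constructed and are not FortiGuard Labs data or tooling.
"""
from collections import Counter, defaultdict

# Constructed mapping from a sandbox behaviour label to the tactic it serves
# and the technique name we report it under (ATT&CK-style naming, assumed).
BEHAVIOUR_TO_TACTIC = {
    "api_hooking":        ("privilege-escalation", "hooking"),
    "process_injection":  ("privilege-escalation", "process-injection"),
    "token_manipulation": ("privilege-escalation", "access-token-manipulation"),
    "tamper_av":          ("defense-evasion", "impair-defenses"),
    "obfuscated_payload": ("defense-evasion", "obfuscation"),
    "smb_admin_share":    ("lateral-movement", "smb-admin-shares"),
    "https_post_archive": ("exfiltration", "exfil-over-c2"),
}


def tactic_prevalence(reports):
    """Return {tactic: {technique: percent}}.

    percent = share of samples exhibiting that tactic which used the technique.
    Each report is {"sample": str, "behaviours": [label, ...]}. Labels not in
    the mapping are ignored (a sandbox emits more than we classify), and a
    behaviour seen several times in one sample is counted once.
    """
    samples_per_tactic = defaultdict(set)   # tactic -> set of sample ids
    technique_counts = defaultdict(Counter) # tactic -> Counter(technique)
    seen = set()                            # (sample, tactic, technique)
    for r in reports:
        for label in r["behaviours"]:
            if label not in BEHAVIOUR_TO_TACTIC:
                continue
            tactic, technique = BEHAVIOUR_TO_TACTIC[label]
            samples_per_tactic[tactic].add(r["sample"])
            key = (r["sample"], tactic, technique)
            if key not in seen:
                seen.add(key)
                technique_counts[tactic][technique] += 1
    return {
        tactic: {t: round(100 * c / len(samples))
                 for t, c in technique_counts[tactic].items()}
        for tactic, samples in samples_per_tactic.items()
    }


def top_techniques(prevalence):
    """For each tactic, the most prevalent technique as (technique, percent)."""
    return {tactic: max(techs.items(), key=lambda kv: kv[1])
            for tactic, techs in prevalence.items()}


def build_sample_reports():
    """Constructed sandbox reports: 20 samples, all with some
    privilege-escalation behaviour (11 hook, 8 inject, 1 token), plus
    defence-evasion, lateral-movement and exfiltration behaviours on subsets.
    Sample i%4==0 deliberately repeats "tamper_av" to exercise de-duplication.
    """
    reports = []
    for i in range(20):
        b = []
        if i < 11:
            b.append("api_hooking")
        elif i < 19:
            b.append("process_injection")
        else:
            b.append("token_manipulation")
        if i % 2 == 0:
            b.append("tamper_av")
        if i % 4 == 0:
            b += ["obfuscated_payload", "tamper_av"]  # duplicate on purpose
        if i % 5 == 0:
            b.append("smb_admin_share")
        if i % 10 == 0:
            b.append("https_post_archive")
        b.append("unclassified_noise")  # label outside the mapping, ignored
        reports.append({"sample": f"sample-{i:02d}", "behaviours": b})
    return reports


if __name__ == "__main__":
    prevalence = tactic_prevalence(build_sample_reports())
    for tactic, techs in sorted(prevalence.items()):
        print(tactic)
        for technique, pct in sorted(techs.items(), key=lambda kv: -kv[1]):
            print(f"  {technique:<28} {pct:>3}%")
    print("top:", top_techniques(prevalence))
```

Because a sample can exhibit more than one technique for the same tactic, the percentages within a tactic need not sum to 100; keeping the denominator as "samples with that tactic" rather than "all samples" is what makes the figure comparable across tactics of very different frequency.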


Disclaimer

Fortinet Inc. published this content on 23 August 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 23 August 2021 13:03:04 UTC.