Given the fast pace at which the threat landscape changes, it’s important to constantly monitor it if businesses are to have any chance of staying ahead of innovative cybercriminals, writes Dave Spillane, Systems Engineer Director at Fortinet.
Ongoing analysis has shown the landscape to have experienced various developments in recent times, including a rise in sophisticated attacks on critical industries.
Our FortiGuard Labs team conducted its Global Threat Landscape Report to find out just how quickly things are changing. We will talk about some of the trends this research found, as well as the impact of these trends on organisations globally. Firstly, attacks started, on average, 4.76 days after new exploits were publicly disclosed, 43 per cent faster than in the first half of 2023.
Looking at how long it takes to move a vulnerability from initial release to exploitation, this trend shows a clear increase in the speed with which cybercriminals capitalised on newly publicised vulnerabilities. It also shines a light on the necessity for vendors to dedicate themselves to internally discovering vulnerabilities and quickly developing patches before they can be exploited. With less than five days between a vulnerability being publicly disclosed and it being exploited, speed is of the utmost importance and organisations need to be working faster than ever to protect themselves.
The report also discovered some N-Day vulnerabilities have remained unpatched for 15-plus years, reminding CISOs and security teams that it’s not just newly identified vulnerabilities businesses must worry about. Forty-one per cent of organisations detected exploits from signatures less than one month old and nearly every organisation (98pc) detected N-Day vulnerabilities which have existed for at least five years. Threat actors were also observed to be exploiting vulnerabilities more than 15 years old.
This reinforces the need for organisations to remain vigilant about security hygiene. It’s also a prompt for them to act quickly through a consistent patching and updating programme and employ best practices and guidance from third-party organisations, such as the Network Resilience Coalition. Doing so will improve the overall security of networks.
We found that ransomware is slowing in industrial sectors. Positively, across all of Fortinet’s sensors, ransomware detections dropped by 70pc compared to the first half of 2023. This slowdown in ransomware can be attributed to attackers shifting away from more traditional approaches to attacks towards those which are more targeted. This is especially a concern for the industries most at risk – energy, healthcare, manufacturing, transportation and logistics, and automotive.
There has been substantial activity among APT groups, with 38 of the 143 APT groups listed by MITRE having been observed to be active. The most active of these were Lazarus Group, Kimsuky, APT28, APT29, Andariel and OilRig. Given that these groups are highly adaptable to changes in the digital landscape, and that they are evolving to become increasingly stealthy, carefully planning and executing their attacks, precautions need to be put in place.
Less than 9pc of all known endpoint vulnerabilities were targeted by attacks. With this report finding that 0.7pc of all CVEs observed on endpoints are under attack, the active attack surface on which security teams need to focus and prioritise remediation efforts is much smaller than many think. While this is positive for security teams and CISOs, it’s important to remember that endpoints, the red zone, still need to be monitored and protected.
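The three findings above (a sub-five-day window from disclosure to exploitation, N-day vulnerabilities left unpatched for years, and only a small fraction of endpoint CVEs actually under attack) all point at the same operational task: triaging a vulnerability inventory so that the handful of actively exploited and long-exposed items get fixed first. The script below is an added illustration of that triage, not code from the report or from Fortinet. The inventory rows, the CVE identifiers (placeholders, not real CVEs), the dates and the "active" flags are all constructed; in practice the same fields would come from a scanner export joined against threat-intelligence feeds.

```python
from datetime import date

# Constructed sample inventory: one row per vulnerability seen on endpoints.
# Identifiers are placeholders, not real CVEs. "exploited" is the date an
# exploit was first observed (None if none is known); "active" marks
# vulnerabilities currently being exploited in the wild.
TODAY = date(2024, 7, 1)
VULNS = [
    {"cve": "CVE-XXXX-0001", "disclosed": date(2024, 1, 10), "exploited": date(2024, 1, 14), "patched": False, "active": True},
    {"cve": "CVE-XXXX-0002", "disclosed": date(2024, 3, 1),  "exploited": date(2024, 3, 7),  "patched": True,  "active": False},
    {"cve": "CVE-XXXX-0003", "disclosed": date(2017, 5, 1),  "exploited": date(2017, 5, 20), "patched": False, "active": True},
    {"cve": "CVE-XXXX-0004", "disclosed": date(2008, 9, 15), "exploited": None,              "patched": False, "active": False},
    {"cve": "CVE-XXXX-0005", "disclosed": date(2023, 11, 20),"exploited": None,              "patched": False, "active": False},
]


def days_to_exploit(v):
    """Days between public disclosure and first observed exploitation, or None."""
    if v["exploited"] is None:
        return None
    return (v["exploited"] - v["disclosed"]).days


def mean_days_to_exploit(vulns):
    """Average disclosure-to-exploit window over rows with a known exploit date."""
    windows = [d for d in (days_to_exploit(v) for v in vulns) if d is not None]
    return sum(windows) / len(windows) if windows else None


def fast_exploits(vulns, threshold_days=5):
    """Rows exploited within `threshold_days` of disclosure: the cases where a
    monthly patch cycle would have been too slow."""
    return [v for v in vulns
            if days_to_exploit(v) is not None and days_to_exploit(v) <= threshold_days]


def stale_ndays(vulns, today, years=5):
    """Unpatched N-day vulnerabilities disclosed at least `years` ago."""
    return [v for v in vulns
            if not v["patched"] and (today - v["disclosed"]).days / 365.25 >= years]


def prioritise(vulns, today):
    """Order unpatched rows for remediation: actively exploited first, then
    anything with a historically observed exploit, then the rest; within a
    tier the longest-exposed vulnerability comes first."""
    def tier(v):
        if v["active"]:
            return 0
        if v["exploited"] is not None:
            return 1
        return 2
    backlog = [v for v in vulns if not v["patched"]]
    return sorted(backlog, key=lambda v: (tier(v), v["disclosed"]))


if __name__ == "__main__":
    print(f"mean days to exploit: {mean_days_to_exploit(VULNS):.2f}")
    print("exploited within 5 days:", [v["cve"] for v in fast_exploits(VULNS)])
    print("stale N-days (>=5y, unpatched):", [v["cve"] for v in stale_ndays(VULNS, TODAY)])
    print("remediation order:", [v["cve"] for v in prioritise(VULNS, TODAY)])
```

On the constructed data the remediation queue puts the seven-year-old, actively exploited N-day ahead of the brand-new one, and both ahead of the fifteen-year-old row with no known exploit; that ordering is the practical consequence of the finding that only a small subset of observed CVEs is actually under attack.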
But what do these findings mean for organisations? In short, threats are moving, times are changing, and turning the tide against cybercrime requires a culture of collaboration, transparency, and accountability on a larger scale than individual organisations alone can provide. Vulnerabilities need to be patched, awareness of nation-state threats improved, and ransomware and endpoint vulnerabilities still protected against, but organisations also need to understand that every single one of them has a place in the chain of disruption against cyberthreats.
Collaboration with high-profile and well-respected organisations in both the public and private sectors, including CERTs, government entities, and academia, is a fundamental aspect of improving cyber resiliency globally.