Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2021.
Year-over-year, ransomware spiked more than tenfold in the first half of 2021, researchers report.
According to Fortinet’s latest semiannual FortiGuard Labs Global Threat Landscape Report (PDF), released on Monday, the telecommunications sector was the most heavily targeted, followed by government, managed security service providers, automotive, and manufacturing sectors.
Some of the key takeaways:
The business of ransomware is evolving. Some ransomware operators shifted their strategy away from email-initiated payloads and toward gaining and selling initial access into corporate networks, further showing the continued evolution of ransomware-as-a-service (RaaS) that’s fueling cybercrime. A key takeaway: Ransomware “remains a clear and present danger for all organizations regardless of industry or size,” according to the report.
One in four organizations detected malvertising: Deceptive social engineering malvertising and scareware are on the rise. “More than one in four organizations detected malvertising or scareware attempts with Cryxos being a notable family” of malware, according to the report. Criminals aren’t out to just scare organizations; they’re also after extortion.
Botnets are surging: At the beginning of the year, 35 percent of organizations detected botnet activity of one sort or another, a rate that rose to 51 percent six months later. One cause: a large bump in TrickBot activity that was responsible for the overall spike in botnet activity during June. Notably active was Mirai, which continued to add new cyberweapons to its arsenal, and Gh0st, a remote-access botnet that allows attackers to take full control of the infected system, capture live webcam and microphone feeds, or download files.
Ransomware is now affecting daily lives. The tenfold increase in ransomware included attacks that crippled the supply chains of multiple organizations, including sectors of critical importance (just a couple of cases in point: the REvil attack on meat supplier JBS Foods and the DarkSide attack on Colonial Pipeline). Organizations in the telecommunications sector were the most heavily targeted, followed by government, managed security service providers, automotive, and manufacturing sectors.
“The operational technology (OT) sector is very hot, and cyber criminals are following,” said Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs. “You have one attack that can impact a lot of customers. It can impact a much wider swath now. And that’s what we’re seeing: it’s being fueled by RaaS.”
Manky visited the Threatpost podcast recently to discuss the growth of ransomware and malvertising, botnet trends, how disrupting cybercrime has dented threat volumes, and the defensive evasion and privilege escalation techniques favored by cybercriminals.