FortiGuard Labs has unveiled key insights from its analysis of the first half of 2023. The findings reveal a decline in ransomware detections, a rise in advanced persistent threat (APT) group activities, evolving attack techniques, and more. FortiGuard Labs is the threat intelligence and research organization at Fortinet, with the mission to provide its customers with the industry’s best threat intelligence designed to protect them from malicious activity and sophisticated cyberattacks.
Fortinet successfully thwarted approximately 17.7 million viruses, botnets, and exploits daily in the Philippines during Q2 2023. While the distribution of threats in Q2 2023 remained consistent, the report emphasized the urgency for organizations, especially in the Asia-Pacific (APAC) region, to enhance their cybersecurity strategies. The APAC contributed significantly to global telemetry data, highlighting the need to fortify defenses against the growing sophistication and frequency of threats.
“The Asia-Pacific (APAC) region contributed to approximately 25 to 33% of the global telemetry data. However, our threat report underscored the significant number of viruses, botnets, and exploits encountered regularly. This highlights the urgent need for organizations to bolster their cybersecurity strategies to strengthen their defenses, especially in light of the growing sophistication and frequency of threats,” according to Alan Reyes, Country Manager of Fortinet Philippines during a recent media briefing in Makati City.
FortiGuard Labs observed that fewer organizations (13%) detected ransomware in the first half of 2023, continuing a trend seen over recent years. This decline aligns with the shift towards more targeted attacks by cybercriminals aiming to maximize their return on investment (ROI). Despite some fluctuations, overall ransomware detections showed a downward trend when compared year-over-year.
The report also shed light on vulnerability exploitation, revealing that high-severity Common Vulnerabilities and Exposures (CVEs) were 327 times more likely to be exploited within seven (07) days.
For the first time, the Global Threat Landscape Report tracked the number of threat actors. It found that 30% of the 138 cyber threat groups monitored were active in 1H 2023, with Turla, StrongPity, Winnti, OceanLotus, and WildNeutron being the most active based on malware detections.
In 1H 2023, FortiGuard Labs detected over 10,000 unique exploits, a 68% increase from five years ago. However, the report indicated a 75% drop in exploitation attempts per organization over a five-year period, emphasizing the growing sophistication of attacks.
The proliferation of malware families affecting at least 10% of global organizations doubled over five years. This surge was driven by cybercriminals and APT groups expanding their operations. Wiper malware, associated with the Russian-Ukraine conflict, remained a concern but slowed in 1H 2023. Cybercriminals increasingly targeted technology, manufacturing, government, telecommunications, and healthcare sectors with wipers.
The report also highlighted a concerning trend in botnet activity. The average time botnets remained active before ceasing command and control communications increased by over 1,000 times in the last five years, reaching 83 days in 1H 2023. Reducing response times became crucial to mitigate potential damage.
FortiGuard Labs’ contributions to the threat intelligence community have made significant global impacts. Collaboration and intelligence sharing across the industry are crucial to disrupt cyber adversaries and enhance cybersecurity. Fortinet, a leader in enterprise-class cybersecurity and networking innovation, continues to innovate with AI-powered security services, aiding in the prevention, detection, and response to known and unknown threats.
The report also highlighted Excel and Microsoft Intermediate Language (MSIL) malware variants as prominent threats in the Asia-Pacific region in Q2 2023. In the Philippines, the FortiGuard Labs team detected 4.3 million virus instances, with JS/Agent.Cy!tr and HTML/Agent.ROUT!phish are the most prevalent.
Additionally, botnet activities posed significant challenges in the Philippines, with Mirai and Gh0st.rai being the predominant threats. These findings underscore the importance of proactive cybersecurity measures and timely patching.