Fortinet, a leading cybersecurity company that combines networking and security, has released the latest semiannual Global Threat Landscape Report from FortiGuard Labs. At a press briefing in the New World Makati Hotel, Alan Reyes, the Country Manager of Fortinet Philippines, presented significant findings from FortiGuard Labs’ Q2 2023 Threat Report. This report offers valuable intelligence to organizations regarding potential threat activities.

FortiGuard Labs observed noteworthy trends in the first half of 2023: a decrease in ransomware findings, heightened involvement of advanced persistent threat (APT) groups, shifts in attackers’ use of MITRE ATT&CK methods, and other notable advancements.
Furthermore, Fortinet successfully identified and defended against approximately 17.7 million viruses, botnets, and exploits daily in the Philippines during Q2 2023.
Reyes emphasized that the distribution of threats in Q2 2023 remained relatively consistent compared to the previous quarter. He noted, “The Asia-Pacific (APAC) region contributed approximately 25 to 33% of the global telemetry data. However, our threat report underscored the significant number of viruses, botnets, and exploits encountered regularly. This highlights the urgent need for organizations to bolster their cybersecurity strategies to strengthen their defenses, especially in light of threats’ growing sophistication and frequency.”
Highlights of the report
Organizations Detecting Ransomware Are on the Decline
- Ransomware variant growth has increased due to Ransomware-as-a-Service (RaaS)
- Fewer organizations detected ransomware in the first half of 2023 (13%) compared to five years ago (22%)
- Ransomware and other attacks are becoming more targeted and sophisticated
- The volume of ransomware detections is volatile, but the overall trend is downward year-over-year
Malicious Actors Are 327x More Likely to Attack Top EPSS Vulnerabilities within Seven Days Compared to All Other CVEs
Top EPSS vulnerabilities are 327 times more likely to be attacked by malicious actors within a week than all other CVEs. The Exploit Prediction Scoring System (EPSS) is an initiative that aims to use various data sources to forecast the probability and timing of vulnerability exploitation in real-world scenarios. By studying over 11,000 published vulnerabilities and their corresponding exploitation instances over six years, FortiGuard Labs determined that CVEs with a high EPSS score (representing the most severe 1% of vulnerabilities) have a 327-fold higher chance of being exploited within a week, in contrast to other vulnerabilities.
Nearly One-Third of APT Groups Were Active in 1H 2023:
- 30% of APT groups were active in 1H 2023, according to FortiGuard Labs
- Turla, StrongPity, Winnti, OceanLotus, and WildNeutron were the most active APT groups
- Compared to cybercriminals, APT groups run targeted and short-lived campaigns
- Future reports will explore the evolution and volume of APT group activity
Five-Year Comparison Reveals Explosion in Unique Exploits, Malware Variants, and Botnet Persistence
In the first half of 2023, FortiGuard Labs identified over 10,000 distinct exploits, marking a 68% increase compared to five years ago.
This surge in unique exploit findings underscores the significant number of malicious attacks that security teams need to be vigilant about and how attacks have proliferated and diversified within a relatively short period.
The report also reveals a more than 75% reduction in exploitation attempts per organization over a five-year timeframe and a 10% decrease in severe exploits. These findings suggest that while malicious actors have expanded their exploit toolkits, the attacks have become more targeted than five years ago.
Malware Families and Variants Exploded, Up 135% and 175%, Respectively:
- More cybercriminal and APT groups are expanding and diversifying their attacks.
- Wiper malware, mainly associated with the Russia-Ukraine conflict, has surged but slowed down recently.
- Nation-state actors and cybercriminals increasingly use wipers to target technology, manufacturing, government, telecommunications, and healthcare sectors.
Botnets Lingering in Networks Longer Than Ever
The duration that botnets remain active in networks has significantly increased. According to the report, there has been a rise in active botnets (+27%) and a higher occurrence rate among organizations over the past five years (+126%). However, the most alarming discovery is the exponential growth in the total number of “active days,” which refers to the time between the first detection of a botnet attempt and its final communication with the command and control (C2) center.
In the first half of 2023, the average duration for which botnets persisted before C2 communications ceased was 83 days. This represents a more than 1,000-fold increase compared to five years ago. It is crucial for organizations to swiftly respond to botnet incidents, as the longer they allow them to linger, the greater the potential damage and risk to their business.
Philippines, Q2 2023
The latest findings from FortiGuard Labs reveal that Excel and Microsoft Intermediate Language (MSIL) malware variants have emerged as the predominant cybersecurity threats across the Asia-Pacific (APAC) region during the second quarter of 2023. These malware types stand out due to their adaptability and versatility in creating various forms of malicious software. Excel malware, often disseminated through phishing emails containing malicious macros, remains a prevalent attack vector. Meanwhile, MSIL, a bytecode format utilized by the .NET framework, proves highly adjustable, adding to its threat potential.
In the Philippines, the FortiGuard Labs team detected a staggering 4.3 million instances of viruses. Notably, the JS/Agent,Cy!tr virus emerged as the most prominent, contributing to 3.5% of viruses detected within the quarter. It was closely followed by HTML/Agent.ROUT!phish, which accounted for 3.2% of the detected viruses.
In addition, in terms of botnet activity during the first quarter of 2023, the Philippines faced significant challenges from the Mirai, Ghost Rat, Bladabindi, Mozi, and RotaJakiro botnets. These malicious networks were responsible for various nefarious activities, including distributed denial-of-service (DDoS) attacks, credential harvesting, and data exfiltration. FortiGuard Labs recorded 18.6 million botnet attacks, with Mirai and Gh0st.rai being the predominant threats, representing 16% of all observed botnet activity in the quarter.
These findings underscore the need for businesses and individuals in the Philippines to remain vigilant and proactive in fortifying their cybersecurity defenses against the evolving threat landscape, reinforcing the importance of timely patching and the deployment of robust security measures.
