Fortinet observes dip in ransomware detection within organizations

Fortinet, a cybersecurity solutions provider, has observed a decrease in the detection of ransomware in organizations, attributing this trend to the widespread adoption of Ransomware-as-a-Service (RaaS) among cybercriminals.

According to FortiGuard Labs, the threat intelligence platform of Fortinet, its monitoring has revealed that only 13% of organizations detected ransomware in the first half of 2023 (1H2023), as opposed to the 22% recorded five years ago.

However, the figure of 13% indicates an upward trajectory compared to the conclusion of 2022. Fortinet has emphasized that, overall, this signifies a decline when assessed on a year-over-year basis.

Fortinet’s new augmentation services to support security teams
Fortinet: Unmanaged devices remain a security risk for companies

“This supports the trend that FortiGuard Labs has seen over the last couple of years, that ransomware and other attacks are becoming increasingly more targeted thanks to the growing sophistication of attackers and the desire to increase the return on investment (ROI) per attack,” Fortinet said in a media release.

Active APT groups

During its surveillance, FortiGuard Labs has also noticed a rise in the number of active Advanced Persistent Threat (APT) Groups in the first half of 2023. This is the first time, according to the company, in which its researchers have been able to monitor the activities of 41 (30%) of the 138 cyberthreat groups tracked by MITRE in its regular Global Threat Landscape Report.

The company names Turla, StrongPity, Winnti, OceanLotus, and WildNeutron as the most active, based on its surveillance. 

“Given the targeted nature and relatively short-lived campaigns of APT and nation-state cyber groups compared to the long life and drawn-out campaigns of cybercriminals, the evolution and volume of activity in this area will be something to look forward to in future reports,” the researchers said.

More malware families

Security experts have observed a 135% surge in the emergence of new malware families within the same timeframe, along with a 175% rise in malware variants. Fortinet has highlighted that the number of malware families affecting at least 10% of global organizations has doubled over the past five years.

“This escalation in malware volume and prevalence can be attributed to more cybercriminal and APT groups expanding operations and diversifying their attacks in recent years,” the company said. “A significant focus of the last Global Threat Landscape report was the surge in wiper malware largely tied to the Russian-Ukraine conflict.”

Fortinet has noted that this escalation continued in 2022 but slowed down in 1H2023. The researchers noted that these nation-state actors have employed wipers (malware that deletes and destroys data), targeting organizations in sectors such as technology, manufacturing, government, telecommunications, and healthcare.