The latest semiannual report from Fortinet, a global cybersecurity firm, reveals a significant acceleration in the exploitation of newly publicized vulnerabilities.
The “2H 2023 Global Threat Landscape Report” from FortiGuard Labs indicates that attackers are now exploiting vulnerabilities 43% faster than in the first half of 2023. On average, attacks began 4.76 days after a new exploit was publicly disclosed.
Fortinet stresses the importance of vendors transparently disclosing vulnerabilities to customers, enabling them to safeguard their assets effectively.
Key findings from the second half of 2023 highlight the evolving threat landscape. N-Day vulnerabilities, which are previously known and often long-unpatched vulnerabilities, remain a significant concern. Fortinet’s telemetry found that 41% of organizations detected exploits whose detection signatures were less than one month old, and nearly all organizations (98%) identified N-Day vulnerabilities that have existed for at least five years. Some vulnerabilities have remained unpatched for over 15 years.
The report also notes that less than 9% of all known endpoint vulnerabilities were targeted by attacks. This finding suggests a smaller active attack surface, allowing security teams to better prioritize their remediation efforts.
In terms of targeted attacks, 44% of all ransomware and wiper samples detected were aimed at the industrial sectors, including energy, healthcare, manufacturing, transportation, and logistics. Despite a 70% drop in overall ransomware detections compared to the first half of 2023, the shift toward targeted attacks highlights an evolving strategy among cybercriminals.
Botnets also showed remarkable resilience, with command and control (C2) communications persisting for an average of 85 days post-detection. Prominent botnets like Gh0st, Mirai, and ZeroAccess remained active, alongside new entrants such as AndroxGh0st, Prometei, and DarkGate.
FortiRecon, Fortinet’s digital risk protection service, identified 38 active advanced persistent threat (APT) groups out of the 143 tracked by MITRE. Among the most active were Lazarus Group, Kimsuky, APT28, APT29, Andariel, and OilRig.
This report highlights the critical need for organizations to maintain rigorous cybersecurity hygiene and rapidly implement best practices to mitigate evolving threats.