Fortinet’s Threat Report finds attackers are retooling and leveraging more wiper malware
One of the outcomes of war in the modern age is that it can lead to a new class of destructive tools in the hands of cyber threat actors.
This result has been documented most recently by Fortinet Inc. in its key findings from its 2H 2022 FortiGuard Labs “Threat Landscape Report”. The cybersecurity firm observed a global resurgence in wiper malware, which had seen a dramatic spike in activity during the past year in the Russia-Ukraine war.
“We’ve seen wiper malware that’s been developed for warfare purposes now being scaled and deployed worldwide,” said Derek Manky (pictured), chief security strategist and global VP of threat intelligence at Fortinet’s FortiGuard Labs. “This malware is being commoditized and put into attack kits, and we’re seeing thousands of these detections globally. We found that wiper volume increased by 53% from the third to fourth quarter of 2022 alone, and we’ve seen even more in Q1 of this year. Every organization is now a potential target.”
Manky spoke with Lisa Martin, industry analyst for theCUBE, SiliconANGLE Media’s livestreaming studio, and they discussed findings from the report and ways that organizations can guard against attacks. (* Disclosure below.)
Sophisticated attacks
The report from Fortinet’s FortiGuard Labs described an attacker ecosystem that has taken a “work smarter, not harder” approach in revealing new tactics. Threat actors are continuing to find more ways to invade enterprise networks, such as taking older attack strains that have been successful in the past and retrofitting the code and using it in new attack techniques.
The potential for ransomware attacks to become more prevalent is especially troubling. Ransomware attacks remain at peak levels, according to the report, and the cost is going up.
“The risk is just higher now,” Manky noted. “We’re talking about eight figures in demands and collateral damage.”
Manky’s firm also noted that potent threats with a history of damage tend to hang around for a while. More than five years after the WannaCry ransomware variant first infected thousands of computers globally, the virus remains a top threat, despite the rise of new exploits such as Log4j.
“Even though Log4j is now over a year old, it is still one of the most prevalent threats that we’re seeing,” Manky said. “We’re seeing code reused now as well. If hackers know it was successful, they will tweak it and use it to deploy new attacks.”
Identifying the Red Zone
To address the ever-shifting cyberthreat landscape, Fortinet has developed a Red Zone approach designed to better illustrate the active attack surface and help prioritize efforts by CISOs to minimize risk.
“Out of the entire attack surface of 200,000 vulnerabilities, what are the ones that are currently actually unpatched and open to organizations?” Manky asked. “And then what are the ones that attackers are actually trying to attack? Our research found that this number was less than 1% of the total observed vulnerabilities, and it’s that view of the active attack surface that we’re calling the Red Zone.”
If threat prioritization is a key focus among practitioners in the security industry today, so is the consolidation of tools to combat attacks.
“There’s a big shift in the industry now to consolidate and converge networking and security. That’s the number one conversation we’re having with CISOs, as it reduces complexity and helps them maintain consistent security across their organization,” Manky said. “The advice is to go from that 10- to 15-point solution approach to five, then start to integrate and interoperate them through APIs, through SD-WAN orchestration.”
Manky also advises organizations to engage in penetration testing to better assess whether valuable sectors may be vulnerable to attack and to also make sure there’s an incident response plan ready to be implemented in the event of a successful breach.
“Penetration testing will help you identify your level of risk and which assets are the most critical to protect,” Manky said. “What is your incident response and readiness plan? If you don’t have an IR forensics team in-house, a trusted third-party provider can help you with that.”
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: Fortinet Inc. sponsored this segment of theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Photo: SiliconANGLE
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU