FortiGuard Labs: Organizations Detecting Ransomware Decline as the Volume and Impact of Targeted Attacks Continue to Rise

August 28, 2023

Fortinet, the global cybersecurity leader driving the convergence of networking and security, today announced the latest semiannual Global Threat Landscape Report from FortiGuard Labs. In the first half of 2023, FortiGuard Labs observed a decline in organizations detecting ransomware, significant activity among advanced persistent threat (APT) groups, a shift in MITRE ATT&CK techniques used by attackers, and much more. In addition to the highlights below, readers can find the full analysis by reading the 1H 2023 Global Threat Landscape Report.

Commenting on this report, Derek Manky, Chief Security Strategist & Global VP Threat Intelligence, FortiGuard Labs, said: “Disrupting cybercrime is a global effort that comprises strong, trusted relationships and collaboration across public and private sectors, as well as investing in AI-powered security services that can help overwhelmed security teams coordinate actionable threat intelligence in real time across their organization. Security teams cannot afford to sit idle with targeted threats at an all-time high. Fortinet’s FortiGuard Labs continues to provide innovative and actionable intelligence, like the Red Zone and new Exploit Prediction Scoring System analysis, to help security teams proactively prioritize patching efforts and respond to threats faster than ever.”

While organizations continue to find themselves in a reactive position due to the growing sophistication of malicious actors and the escalation of targeted attacks, ongoing analysis of the threat landscape in the 1H 2023 Global Threat Landscape Report helps provide valuable intelligence that can serve as an early warning system of potential threat activity and help security leaders prioritize their security strategy and patching efforts. Highlights of the report follow:

Organizations Detecting Ransomware Are on the Decline: FortiGuard Labs has documented substantial spikes in ransomware variant growth in recent years, largely fueled by the adoption of Ransomware-as-a-Service (RaaS). However, FortiGuard Labs found that fewer organizations detected ransomware in the first half of 2023 (13%) compared to this time five years ago (22%). Despite the overall decline, organizations must keep their guard up. This supports the trend that FortiGuard Labs has seen over the last couple of years, that ransomware and other attacks are becoming increasingly targeted thanks to the growing sophistication of attackers and the desire to increase the return on investment (ROI) per attack. Research also found that the volume of ransomware detections continues to be volatile, closing 1H 2023 13x higher than the end of 2022 but still on a downward trend overall when comparing year-over-year.

Malicious Actors Are 327x More Likely to Attack Top EPSS Vulnerabilities within Seven Days Compared to All Other CVEs: Since its inception, Fortinet has been a core contributor of exploitation activity data in support of the Exploit Prediction Scoring System (EPSS). This project aims to leverage a myriad of data sources to predict the likelihood that a vulnerability will be exploited in the wild, and when. FortiGuard Labs analyzed six years of data spanning more than 11,000 published vulnerabilities with detected exploitation and found that the Common Vulnerabilities and Exposures (CVEs) categorized with a high EPSS score (top 1% severity) are 327x more likely to be exploited within seven days than any other vulnerability. This first-of-its-kind analysis can serve as the canary in the coal mine, giving CISOs and security teams an early indication of targeted attacks against their organizations. Like the Red Zone, introduced in the last Threat Landscape Report, this intelligence can help security teams systematically prioritize patching efforts to minimize their organizations’ risk.

The Red Zone Continues to Help CISOs Prioritize Patching Efforts: The analysis by FortiGuard Labs around EPSS exploitation in the wild expands upon the efforts to define the Red Zone, which helps quantify the proportion of available vulnerabilities on endpoints that are being actively attacked.

Nearly One-Third of APT Groups Were Active in 1H 2023: For the first time in the history of the Global Threat Landscape Report, FortiGuard Labs tracked the number of threat actors behind the trends.

Five-Year Comparison Reveals Explosion in Unique Exploits, Malware Variants and Botnet Persistence:

  • Unique Exploits on the Rise: In 1H 2023, FortiGuard Labs detected more than 10,000 unique exploits, up 68% from five years ago. The spike in unique exploit detections highlights the sheer volume of malicious attacks security teams must be aware of and how attacks have multiplied and diversified in a relatively short amount of time.
  • Malware Families and Variants Exploded, Up 135% and 175% Respectively: In addition to the significant uptick in malware families and variants, another surprising finding is that the number of malware families that propagate to at least 10% of global organizations (a notable prevalence threshold) has doubled over the last five years.
  • Botnets Lingering in Networks Longer Than Ever: While the report finds more active botnets (+27%) and a higher incidence rate among organizations over the last half-decade (+126%), one of the more shocking findings is the exponential increase in the total number of “active days”, which FortiGuard Labs defines as the amount of time that transpires between the first hit of a given botnet attempt on a sensor and the last.

Disrupting Cybercrime Requires an All-in Approach

FortiGuard Labs’ contributions to the threat intelligence community over the last decade have made significant impacts around the globe, helping to improve protections for customers, partners, and governments in their fight against cybercrime.

Report Overview

This latest Global Threat Landscape Report is a view representing the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors collecting billions of threat events observed around the world during the first half of 2023.