Destructive wiper malware increases over 50% while adversarial supply chains strengthen in complexity and sophistication to counter evolving defenses, according to FortiGuard Labs 

Fortinet, the global cybersecurity company, has announced the latest semiannual FortiGuard Labs Global Threat Landscape Report. 

Latin America and the Caribbean suffered more than 360 billion attempted cyberattacks in 2022, according to data from FortiGuard Labs, Fortinet’s threat intelligence and analysis laboratory.

Mexico received the most attempted attacks (187 billion), followed by Brazil (103 billion), Colombia (20 billion), and Peru (15 billion). 

“For cyber adversaries, maintaining access and evading detection is no small feat as cyber defenses continue to advance to protect organisations today. To counter, adversaries are augmenting with more reconnaissance techniques and deploying more sophisticated attack alternatives to enable their destructive attempts with APT-like threat methods such as wiper malware or other advanced payloads,” said Derek Manky, chief security strategist & global VP – threat intelligence, FortiGuard Labs.

“To protect against these advanced persistent cybercrime tactics, organisations need to focus on enabling machine learning-driven coordinated and actionable threat intelligence in real time across all security devices to detect suspicious actions and initiate coordinated mitigation across the extended attack surface.”

Highlights of the 2H 2022 report follow: 

· The mass distribution of wiper malware continues to showcase the destructive evolution of cyberattacks.

· The ransomware threat remains at peak levels with no evidence of slowing down globally with new variants enabled by Ransomware-as-a-Service (RaaS).

· The most prevalent malware was more than a year old and had gone through a large amount of speciation, highlighting the efficacy and economics of reusing and recycling code.

·  Log4j continues to rear its ugly head among organisations in all regions and industries, most notably across technology, government, and education.

Destructive APT-like Wiper Malware Spreads Wide in 2022 

Analysing wiper malware data reveals a trend of cyber adversaries consistently using destructive attack techniques against their targets. It also shows that with the lack of borders on the Internet, cyber adversaries can easily scale these types of attacks which have been largely enabled by the Cybercrime-as-a-Service (CaaS) model. In early 2022, FortiGuard Labs reported the presence of several new wipers in parallel with the Russia-Ukraine war. Later in the year, wiper malware expanded into other countries, fueling a 53 per cent increase in wiper activity from Q3 to Q4 alone. Unfortunately, the trajectory of destructive wiper malware does not appear to be slowing, which means any organisation remains a potential target. 

Financially Motivated Cybercrime Holding at Peak Levels 

FortiGuard Labs Incident Response (IR) engagements found that financially motivated cybercrime resulted in the highest volume of incidents (73.9%), with a distant second attributed to espionage (13%). In all of 2022, 82 per cent of financially motivated cybercrime involved the employment of ransomware or malicious scripts, showing that the global ransomware threat remains in full force with no evidence of slowing down thanks to the growing popularity of Ransomware-as-a-Service (RaaS) on the dark web. In fact, ransomware volume increased 16 per cent from the first half of 2022.

 Adversary Code Reuse Showcases the Resourceful Nature of Adversaries

Cyber adversaries are enterprising in nature and always looking to maximise existing investments and knowledge to make their attack efforts more effective and profitable. Code reuse is an efficient and lucrative way for criminals to build upon successful outcomes while making iterative changes to fine tune their attacks and overcome defensive obstacles.

When FortiGuard Labs analysed the most prevalent malware for the second half of 2022, most of the top spots were held by malware that was more than one year old. Cyber adversaries are not just automating threats, but actively retrofitting code to make it even more effective. 

Older Botnet Demonstrates the Resiliency of Adversarial Supply Chains

In addition to code reuse, adversaries are also leveraging existing infrastructure and older threats to maximise opportunity.

When examining botnet threats by prevalence, many of the top botnets are not new.

These “vintage” botnets are still pervasive for a reason: they are still very effective. Specifically, in the second half of 2022, significant targets of Mirai included Managed Security Service Providers (MSSPs), the telco/carrier sector, and the manufacturing sector, which is known for its pervasive operational technology (OT). Criminals are making a concerted effort to target those industries with proven methods.

Log4j Remains Widespread and Targeted by Cybercriminals

Even with all the publicity that Log4j received in 2021 and the early parts of 2022, a significant number of organisations still have not patched or applied the appropriate security controls to protect their organisations against one of the most notable vulnerabilities in history. In the second half of 2022, Log4j was still heavily active in all regions. 

 Adversaries are primarily gaining access to victims’ systems when the unsuspecting user browses the internet and unintentionally downloads a malicious payload by visiting a compromised website, opening a malicious email attachment, or even clicking a link or deceptive pop-up window. The challenge with the drive-by tactic is that once a malicious payload is accessed and downloaded, it is often too late for the user to escape compromise unless they have a holistic approach to security.