Fortinet's semiannual cybersecurity threat report revealed an uptick in the automation and speed of security attacks, and in the use of more advanced cybercrime strategies.
In addition, threats during the second half of 2021 were more destructive and unpredictable, according to the FortiGuard Labs Global Threat Landscape Report. Bad actors are also taking advantage of a broader attack surface with a more distributed workforce.
Last year's Log4j vulnerabilities were an example of how bad actors are increasing the speed of their attacks.
"Log4j had nearly 50x the activity volume in comparison to the well-known outbreak, ProxyLogon, that happened earlier in 2021," according to Fortinet. "The reality is that organizations have very little time to react or patch today given the speeds that cyber adversaries are employing to maximize fresh opportunities."
Fortinet recommends that organizations rely on technologies such as AI- and ML-powered intrusion prevention systems (IPS), aggressive patch management strategies and threat intelligence visibility tools to prioritize which threats to address first.
Malware targets hybrid workforce
Malware targeting Linux systems is also on the rise since many back-end network systems and container-based services for IoT devices and business applications rely on Linux, said Fortinet. Bad actors are also increasingly using browser-based malware such as phishing lures or scripts that redirect users to malicious sites, targeting the hybrid workforce.
"Such techniques continue to be a popular way for cybercriminals to exploit people's desire for the latest news about the pandemic, politics, sports or other headlines, and to then find entryways back to corporate networks," said Fortinet in the report. Zero-trust access and secure SD-WAN are among the security solutions Fortinet recommends to combat malware.
Ransomware delivered as-a-service
Cases of ransomware are also on the rise, with bad actors updating old ransomware tools and creating ransomware-as-a-service (RaaS) business models where hackers can share and distribute existing ransomware tools rather than starting from scratch.
"After a 10.7x increase over the prior 12 months, ransomware prevalence across our sensors remained at an elevated level over the latter half of 2021," Fortinet said.
BlackMatter, which is believed to be a rebranding of the DarkSide ransomware used in the Colonial Pipeline attack, was used last year in multiple attacks against US infrastructure, according to Fortinet.
"The Kaseya VSA remote monitoring and management technology attack attracted particular attention because of its widespread impact. This incident was another demonstration of the effectiveness of the breach-once-compromise-many nature of software supply chain attacks," wrote Derek Manky, CSO & VP of global threat intelligence for Fortinet, in a recent blog post. Zero-trust access and regular data backups are among the company's recommendations for combating ransomware.
In a recent Omdia report, authors and analysts Maxine Hold and Bradley Shimmin called ransomware a "scourge on society, not only making corporate data inaccessible until a ransom is paid (including personally identifiable information, or PII) but also threatening to expose this data if the ransom isn't paid."
— Kelsey Kusterer Ziser, Senior Editor, Light Reading