RSA Conference 2024
Derek Manky, Chief Security Strategist and Global VP
Threat Intelligence, FortiGuard Labs
“The 2H 2023 Global
Threat Landscape Report from FortiGuard Labs continues to shine a
light on how quickly threat actors are taking advantage of newly
disclosed vulnerabilities. In this climate, both vendors and
customers have a role to play. Vendors must introduce robust
security scrutiny at all stages of the product development life
cycle and dedicate themselves to responsible radical transparency
in their vulnerability disclosures. With over 26,447
vulnerabilities across more than 2,000 vendors in 2023 as cited by
NIST, it is also critical that customers maintain a strict patching
regimen to reduce the risk of exploitation.”
News Summary: Fortinet® (NASDAQ: FTNT), the
global cybersecurity leader driving the convergence of
networking and security, today announced the release of the
FortiGuard Labs 2H 2023 Global Threat Landscape Report. The latest
semiannual report is a snapshot of the active threat landscape and
highlights trends from July to December of 2023, including analysis
on the speed with which cyber attackers are capitalizing on newly
identified exploits from across the cybersecurity industry and the
rise of targeted ransomware and wiper activity against the
industrial and OT sector.
Key findings from the second half of 2023 include:
- Attacks started on average 4.76 days after new exploits
were publicly disclosed: Like the 1H 2023 Global Threat
Landscape Report, FortiGuard Labs sought to determine how long it
takes for a vulnerability to move from initial release to
exploitation, whether vulnerabilities with a high Exploit
Prediction Scoring System (EPSS) score get exploited faster, and
whether it could predict the average time-to-exploitation using
EPSS data. Based on this analysis, the second half of 2023 saw
attackers increase the speed with which they capitalized on newly
publicized vulnerabilities (43% faster than 1H 2023). This shines a
light on the need for vendors to dedicate themselves to internally
discovering vulnerabilities and developing a patch before
exploitation can occur (mitigating instances of 0-Day
vulnerabilities). It also reinforces that vendors must proactively
and transparently disclose vulnerabilities to customers to ensure
they have the information needed to effectively protect their
assets before cyber adversaries can exploit N-day
vulnerabilities.
- Some N-Day vulnerabilities remain unpatched for 15+
years: It’s not just newly identified vulnerabilities that
CISOs and security teams must worry about. Fortinet telemetry found
that 41% of organizations detected exploits from signatures less
than one month old and nearly every organization (98%) detected
N-Day vulnerabilities that have existed for at least five years.
FortiGuard Labs also continues to observe threat actors exploiting
vulnerabilities that are more than 15 years old. This reinforces the
need to remain vigilant about security hygiene and is a continued
prompt for organizations to act quickly through a consistent
patching and updating program, employing best practices and
guidance from organizations such as the Network Resilience
Coalition to improve the overall security of networks.
- Less than 9% of all known endpoint vulnerabilities were
targeted by attacks: In 2022, FortiGuard Labs introduced
the concept of the “red zone,” which helps readers better
understand how likely it is that threat actors will exploit
specific vulnerabilities. To illustrate this point, the last three
Global Threat Landscape Reports have looked at the total number of
vulnerabilities targeting endpoints. In 2H 2023, research found
that 0.7% of all CVEs observed on endpoints are actually under
attack, revealing a much smaller active attack surface for security
teams to focus on and prioritize remediation efforts.
- 44% of all ransomware and wiper samples targeted the
industrial sectors: Across all of Fortinet’s sensors,
ransomware detections dropped by 70% compared to the first half of
2023. The observed slowdown in ransomware over the last year
can best be attributed to attackers shifting away from the
traditional “spray and pray” strategy to more of a targeted
approach, aimed largely at the energy, healthcare, manufacturing,
transportation and logistics, and automotive industries.
- Botnets showed incredible resiliency, taking on average
85 days for command and control (C2) communications to cease after
first detection: Bot traffic remained steady
relative to the first half of 2023, and FortiGuard Labs continued to
see the more prominent botnets of the last few years, such as
Gh0st, Mirai, and ZeroAccess, but three new botnets emerged in the
second half of 2023, including AndroxGh0st, Prometei, and
DarkGate.
- 38 of the 143 advanced persistent threat (APT) groups
listed by MITRE were observed to be active during 2H 2023:
Intelligence from FortiRecon, Fortinet’s digital risk protection
service, indicates that 38 of the 143 Groups that MITRE tracks
were active in 2H 2023. Of those, Lazarus Group, Kimsuky,
APT28, APT29, Andariel, and OilRig were the most active groups.
Given the targeted nature and relatively short-lived campaigns of
APT and nation-state cyber groups compared to the long life and
drawn-out campaigns of cybercriminals, the evolution and volume of
activity in this area is something FortiGuard Labs will be tracking
on an ongoing basis.
Dark Web Discourse
The 2H 2023 Global Threat
Landscape Report also includes findings from FortiRecon, which give
a glimpse into the discourse between threat actors on dark web
forums, marketplaces, Telegram channels, and other
sources. Some of the findings include:
- Threat actors discussed targeting organizations within the
finance industry most often, followed by the business services and
education sectors.
- More than 3,000 data breaches were shared on prominent dark web
forums.
- 221 vulnerabilities were actively discussed on the darknet,
while 237 vulnerabilities were discussed on Telegram
channels.
- Over 850,000 payment cards were advertised for sale.
Join the Discussion on Responsible Radical Transparency at RSAC 2024
Learn more about the importance of driving
responsible transparency across the cybersecurity industry from
renowned industry experts during the session, “No More Secrets in
Cybersecurity: Implementing Radical Transparency.”
Time: Thursday, May 9, from 10:50 to 11:40 a.m. PT
Location: Moscone South Room 156
Panelists:
- Carl Windsor, Sr. Vice President, Product Technology and
Solutions, Fortinet
- Michael Daniel, President and Chief Executive Officer, Cyber
Threat Alliance
- Eric Goldstein, Executive Assistant Director for Cybersecurity,
DHS-CISA
- Suzanne Spaulding, Former Undersecretary, U.S. Department of
Homeland Security
Turning the Tide Against Cybercrime
With the
attack surface constantly expanding and an industrywide
cybersecurity skills shortage, it’s more challenging than ever for
businesses to properly manage complex infrastructure composed of
disparate solutions, let alone keep pace with the volume of alerts
from point products and the diverse tactics, techniques, and
procedures threat actors leverage to compromise their victims.
Turning the tide against cybercrime requires a culture of
collaboration, transparency, and accountability on a larger scale
than from just individual organizations in the cybersecurity space.
Every organization has a place in the chain of disruption against
cyberthreats. Collaboration with high-profile, well-respected
organizations from both the public and private sectors, including
CERTs, government entities, and academia, is a fundamental aspect
of Fortinet’s commitment to enhance cyber resilience globally.
It is constant technology innovation and collaboration
across industries and working groups, such as Cyber Threat
Alliance, Network Resilience Coalition, Interpol, the World
Economic Forum (WEF) Partnership Against Cybercrime, and WEF
Cybercrime Atlas, that will collectively improve protections and
aid in the fight against cybercrime globally.
Additional Resources
- Read the blog for valuable takeaways from this research, or
access the full report.
- Learn more about FortiGuard Labs threat intelligence and
research and Outbreak Alerts, which provide timely steps to
mitigate breaking cybersecurity attacks.
- Learn about Fortinet’s free cybersecurity training, which
includes broad cyber awareness and product training. As part of the
Fortinet Training Advancement Agenda (TAA), the Fortinet Training
Institute also provides training and certification through
the Network Security Expert (NSE) Certification, Academic
Partner, and Education Outreach programs.
- Follow Fortinet on Twitter, LinkedIn, Facebook,
and Instagram. Subscribe to Fortinet on
our blog or YouTube.
- Visit fortinet.com/trust to learn more about Fortinet
innovation, collaboration partners, product security processes, and
enterprise-grade products that contribute to delivering proven
cybersecurity, everywhere you need it.
- Learn more about Fortinet's commitment to product security
and integrity, including its responsible product development and
vulnerability disclosure approach and policies.
About FortiGuard Labs
FortiGuard Labs is the
threat intelligence and research organization at Fortinet. Its
mission is to provide Fortinet customers with the industry’s best
threat intelligence designed to protect them from malicious
activity and sophisticated cyberattacks. It is composed of some of
the most knowledgeable threat hunters, researchers,
analysts, engineers, and data scientists in the industry, working
in dedicated threat research labs all around the world. FortiGuard
Labs continuously monitors the worldwide attack surface using
millions of network sensors and hundreds of intelligence-sharing
partners. It analyzes and processes this information using AI and
other innovative technology to mine that data for new threats.
These efforts result in timely, actionable threat intelligence in
the form of Fortinet security product updates, proactive threat
research to help our customers better understand the threats and
actors they face, and threat intelligence to help our customers
better understand and defend their threat landscape. Learn more at
https://www.fortinet.com, the Fortinet Blog, and FortiGuard
Labs.
About Fortinet
Fortinet (NASDAQ: FTNT) is a
driving force in the evolution of cybersecurity and the convergence
of networking and security. Our mission is to secure people,
devices, and data everywhere, and today we deliver cybersecurity
everywhere you need it with the largest integrated portfolio of
over 50 enterprise-grade products. Well over half a million
customers trust Fortinet's solutions, which are among the most
deployed, most patented, and most validated in the industry.
The Fortinet Training Institute, one of the largest and
broadest training programs in the industry, is dedicated to making
cybersecurity training and new career opportunities available to
everyone. Collaboration with high-profile,
well-respected organizations from both the public and
private sectors, including CERTs, government entities, and
academia, is a fundamental aspect of Fortinet’s commitment
to enhance cyber resilience globally. FortiGuard Labs,
Fortinet’s elite threat intelligence and research
organization, develops and utilizes leading-edge machine
learning and AI technologies to provide customers with timely and
consistently top-rated protection and actionable threat
intelligence. Learn more at https://www.fortinet.com,
the Fortinet Blog, and FortiGuard Labs.
Copyright © 2024 Fortinet, Inc. All rights reserved.
Media Contact: | Investor Contact: | Analyst Contact:
Travis Anderson | Peter Salkowski | Brian Greenberg
Fortinet, Inc. | Fortinet, Inc. | Fortinet, Inc.
408-235-7700 | 408-331-4595 | 408-235-7700
pr@fortinet.com | psalkowski@fortinet.com | analystrelations@fortinet.com