Plato Data Intelligence.
Vertical Search & Ai.

Ransomware, Wiper, Botnet Attacks Are on the Rise Warns Fortinet

Date:

In 2022, cybercriminals became more methodical and innovative in their tactics, reviving old methods, introducing new advanced attack techniques, and continually coming up with more sophisticated ways to infiltrate networks, according to a new report by American cybersecurity firm Fortinet.

The 2H 2022 Threat Landscape Report, released in February 2023, examines the cyberthreat landscape over the second half of 2022, identifying increased ransomware, wiper attacks, and botnet attacks during the period.

According to the report, ransomware remained in full force in H2 2022, rising by about 16% in volume from the first to the second half of the year. This growth was largely driven by the proliferation of ransomware-as-a-service, which allows nearly anyone to stage attacks.

During the period, GandCrab, a RaaS malware introduced in 2018, was the most popular ransomware, accounting for 11% of all attacks in the category, the research found.

It also notes, however, that, in addition to familiar names, 2022 also saw the introduction of new tools, including Royal Ransomware, which not only asks victims to pay a ransom for file decryption and prevent stolen files from being leaked to the public, but which also offers penetration testing and security review services for a fee, as well as Cryptonite, an open source ransomware toolkit.

Monthly ransomware volume for 2022, Source: 2H 2022 Threat Landscape Report, Fortinet, Feb 2023

Monthly ransomware volume for 2022, Source: 2H 2022 Threat Landscape Report, Fortinet, Feb 2023

Wipers, which involve wiping, overwriting or removing data the victim, also saw an increase in volume last year. Between Q3 and Q4 2022, the number of wiper attacks rose by a significant 53%. The trend is expected to carry on this year, the report says.

Quarterly wiper volume in 2022, Source: 2H 2022 Threat Landscape Report, Fortinet, Feb 2023

Quarterly wiper volume in 2022, Source: 2H 2022 Threat Landscape Report, Fortinet, Feb 2023

The majority of wiper activity observed in 2022 came out of Russia and involved state-sponsored actors and pro-Russian hacktivist groups, the research found.

In November 2022, WhisperGate, a malware used to target organizations in Ukraine, rose to prominence and became the most used wiper. Usage of HermaticWiper, a wiper initially discovered in late 2021 and which has also affected organizations in Ukraine, also rose last year, the report notes.

Percent of organizations seeing each wiper by region, Source: 2H 2022 Threat Landscape Report, Fortinet, Feb 2023

Percent of organizations seeing each wiper by region, Source: 2H 2022 Threat Landscape Report, Fortinet, Feb 2023

Similarly to ransomware and wipers, botnet attacks also rose significantly during the second half of 2022. The number of these attacks, which involve using a swarm of infected devices to carry out various scams and cyberattacks, increased sharply, reaching 270.1 million hits in November and soaring to 498.8 million in December 2022.

Morto, which was first observed in 2011, accounted for a large portion of this dramatic increase, with 25.3 million attacks in November and 84.6 million in December. The figures represent a more than threefold increase month-on-month (MoM).

Attacks using ZeroAccess, a Trojan horse computer malware originally founded in 2011, also increased, soaring from 26.3 million hits in November to almost 115 million in December – a more than fourfold increase MoM.

Monthly volume of top 10 botnets, Source: 2H 2022 Threat Landscape Report, Fortinet, Feb 2023

Monthly volume of top 10 botnets, Source: 2H 2022 Threat Landscape Report, Fortinet, Feb 2023

Growing cyberthreat activity has also been observed in the financial services industry. According to data from Akamai, an American web and Internet security firm, web application and application programming interface (API) attacks against financial services firms grew by 257% in 2022 year-on-year (YoY).

These types of attacks particularly increased in the Asia-Pacific and Japan region, where they grew by 449%. Australia, Japan and India were found to be the countries with the highest number of web application and API attacks in the region during the period.

Mounting cyberthreats in the financial industry could in part be explained by the poor defenses put in place by industry players, as well as weak regulatory safeguards.

According to a recent survey of 51 countries conducted by the International Monetary Fund (IFM), 56% of the central banks or supervisory authorities polled do not have a national cyber strategy for the financial sector. 42% of the respondents indicated lacking a dedicated cybersecurity or technology risk-management regulation, and 68% said they do not have a specialized risk unit as part of their supervision department.

More shockingly, 64% of the respondents indicated not even mandating the testing and exercising of cybersecurity measures, or providing further guidance.

Featured image credit: Edited from Freepik

Print Friendly, PDF & Email
spot_img

Latest Intelligence

spot_img