Cybercriminal exploit rates rise 43% in 2023's second half
The second half of 2023 saw cybercriminals exploit new industry vulnerabilities 43% faster than in its first half, according to the FortiGuard Labs 2H 2023 Global Threat Landscape Report from cybersecurity firm Fortinet. The semiannual report offers a detailed overview of current threat trends, demonstrating how swiftly attackers are capitalising on recently revealed weak points, as well as the increased occurrence of targeted ransomware and wiper activities against the OT (operational technology) and industrial sectors.
Derek Manky, Chief Security Strategist and Global Vice President of Threat Intelligence at FortiGuard Labs, emphasised the responsibilities of both vendors and customers in these settings. He stressed, "Vendors must introduce robust security scrutiny at all stages of the product development life cycle and dedicate themselves to responsible radical transparency in their vulnerability disclosures." He highlighted that in 2023 alone, the National Institute of Standards and Technology cited over 26,447 vulnerabilities across more than 2,000 vendors. Consequently, it is critical that customers maintain regular patching routines to lessen the risk of exploitation.
According to Glenn Maiden, Director of Threat Intelligence at FortiGuard Labs, Australia and New Zealand, the escalating pace of cyber vulnerabilities exploited in the wild is extremely alarming. He warned that companies now need, as a matter of utmost urgency, an aggressive patch deployment strategy. His statement follows the report's finding that attacks occur an average of 4.76 days after a vulnerability disclosure, and it stressed the necessity of a multi-layered security approach.
Key findings from the report further underscored increased threat speed, with attacks starting on average 4.76 days after new exploits were publicly disclosed, a 43% rise from 1H 2023. Another notable revelation in the report was that some N-Day vulnerabilities remain unpatched for over 15 years. Alarmingly, 41% of organisations reported detecting exploits from signatures that were less than one month old, and nearly every organisation (98%) noted N-Day vulnerabilities that have existed for at least five years.
In terms of industry targeting, the industrial sectors experienced a significant amount of hostile attention, with 44% of all ransomware and wiper samples aimed at these sectors. Botnet resilience was also marked: command-and-control communications took an average of 85 days to cease after initial detection. Furthermore, of the 143 advanced persistent threat (APT) groups listed by MITRE, 38 were observed to be active during 2H 2023.
Ultimately, the report stressed the urgent need for a culture of collaboration, transparency, and accountability across the cybersecurity industry to turn the tide against cybercrime. Demonstrating a firm commitment to enhancing cyber resilience globally, Fortinet collaborates with prestigious organisations from both the public and private sectors, including CERTs, government entities, and academia.