Fortinet Reports Massive Increase in Ransomware Variants
A report published today by the FortiGuard Labs arm of Fortinet finds that the number of ransomware variants detected in the last six months has increased by nearly a factor of two. A total of 10,666 ransomware variants have been detected in the last six months, compared to 5,400 variants detected in the previous six months.
The Fortinet report also notes that, in the wake of the war that broke out between Russia and Ukraine, there has been a surge in wiper malware designed to delete data. A number of groups affiliated with Russia have been launching wiper attacks against targets in Ukraine as well as organizations that are perceived to be lending the country support.
Fortinet reports it has identified at least seven major new wiper variants in the first six months of 2022 that were used in various targeted campaigns against government, military and private organizations in Ukraine. That's significant because it is almost as many wiper variants as have been publicly detected in total since 2012, when an attacker used the Shamoon wiper to attack tens of thousands of computers owned by Saudi Aramco in Saudi Arabia and RasGas in Qatar.
Examples of recent wiper attacks include CaddyWiper, a variant used to wipe data and partition information from drives on systems belonging to a limited number of Ukrainian organizations soon after the war began, and WhisperGate, a wiper that Microsoft discovered being used in attacks against Ukrainian entities in January 2022.
Derek Manky, chief security strategist and vice president for global threat intelligence at Fortinet, said that while the increase in known variants of wiper attacks is not unexpected, the rate at which these attacks are being employed is climbing quickly.
In addition to variants of wiper attacks and ransomware, the Fortinet report notes that 2022 is on pace to be another record year for zero-day vulnerabilities. In the first six months of the year, Fortinet discovered 72 of these types of vulnerabilities in products from numerous vendors.
Finally, the report notes that cybercriminals are becoming more adept at evading cybersecurity defenses, with system binary proxy execution being the most widely employed technique, followed by process injection, in which code is injected into software.
In general, as attacks continue to increase in volume and sophistication, there is no doubt cybersecurity will need to evolve as the overall size of the attack surface that needs to be defended also expands, noted Manky. In addition to centralizing the management of cybersecurity in the cloud, organizations will also need to implement zero-trust IT policies and rely more on machine learning algorithms to detect attacks, he noted.
Of course, the biggest challenge organizations face today is arguably the shortage of cybersecurity expertise available to combat these attacks. The only way to compensate for that shortage is to employ more automation. However, a general lack of interoperability between cybersecurity platforms often makes it difficult to implement automation at scale.
Cybercriminals, unfortunately, are not as encumbered, so for now there seems to be no prospect of preventing cyberattacks from being launched in the first place.