In the past six months, the number of ransomware variants has doubled. Endpoints remain an important target for cybercriminals due to the ongoing “work from anywhere” trend.

This is according to research by Fortinet. The security experts discovered 10,666 new ransomware variants in six months. This represents a doubling compared to the second half of 2021, when 5,400 new variants were discovered.

The researchers see ransomware becoming more popular because this aggressive attack method is becoming easier to deploy. The popularity of so-called Ransomware-as-a-Service (RaaS) offerings has increased significantly.

Endpoints and OT systems still most attacked

According to the researchers, the most popular targets are OT systems and endpoints. On endpoints, hackers like to use spoofing vulnerabilities and remote code execution capabilities, often combining old and new techniques to penetrate networks through these devices.

Hackers also like to abuse vulnerabilities in OT systems, especially because the far-reaching integration between IT and OT environments allows them to penetrate these systems even more easily and cause major damage.

In terms of malware used, the study found an increasing use of wiper malware. An increase was particularly noticeable after the start of the war in Ukraine, but the use of this highly damaging malware has also spread to 24 other regions.

The most common attack technique is still the circumvention of security mechanisms. Disguising this type of attack is especially popular these days, according to Fortinet’s analyses. Hackers use certificates, for example, to abuse trusted processes. They use process injection, among other things, for this purpose: cybercriminals inject code into the address space of a process in order to bypass security mechanisms and go about their business unseen.

Greater use of AI and ML-controlled security platforms

The researchers conclude that companies can better arm themselves against these types of attacks by having more actionable threat information at their disposal. This information should preferably come from integrated security platforms driven by AI and machine learning. The platforms must have advanced functionality for detection and incident response. According to Fortinet, such platforms are indispensable for protecting all edges of hybrid networks.
