FortiGuard Labs reports destructive wiper malware increases over 50%

Fortinet, a global cybersecurity leader driving the convergence of networking and security, has announced the latest semi-annual Global Threat Landscape Report from FortiGuard Labs. The threat landscape and organisations’ attack surface are constantly transforming, and cybercriminals’ ability to design and adapt their techniques to suit this evolving environment continues to pose significant risk to businesses of all sizes, regardless of industry or geography.

Highlights of the 2H 2022 report are:

  • The mass distribution of wiper malware continues to showcase the destructive evolution of cyberattacks.
  • New intelligence allows CISOs to prioritise risk mitigation efforts and minimise the active attack surface with the expansion of the ‘Red Zone’ approach.
  • Ransomware threats remain at peak levels, with no evidence of slowing down globally and with new variants enabled by Ransomware-as-a-Service (RaaS).
  • The most prevalent malware was more than a year old and had gone through a large amount of speciation, highlighting the efficacy and economics of reusing and recycling code.
  • Log4j continues to impact organisations in all regions and industries, most notably across technology, government and education.

Destructive APT-like wiper malware spreads wide in 2022

Analysing wiper malware data reveals a trend of cyber adversaries consistently using destructive attack techniques against their targets. It also shows that with the lack of borders on the Internet, cyber adversaries can easily scale these types of attacks, which have been largely enabled by the Cybercrime-as-a-Service (CaaS) model.

In early 2022, FortiGuard Labs reported the presence of several new wipers in parallel with the Russia-Ukraine war. Later in the year, wiper malware expanded into other countries, fuelling a 53% increase in wiper activity from Q3 to Q4 alone. While some of this activity was enabled by wiper malware that may have been initially developed and deployed by nation-state actors surrounding the war, it is being picked up by cybercriminal groups and is spreading beyond just Europe. Unfortunately, the trajectory of destructive wiper malware does not appear to be slowing any time soon based on the activity volume seen in Q4, which means any organisation remains a potential target, not just organisations based in Ukraine or surrounding countries.

“For cyber adversaries, maintaining access and evading detection is no small feat as cyber defences continue to advance to protect organisations today,” said Derek Manky, Chief Security Strategist & Global VP Threat Intelligence, FortiGuard Labs. “To counter, adversaries are augmenting with more reconnaissance techniques and deploying more sophisticated attack alternatives to enable their destructive attempts with APT-like threat methods such as wiper malware or other advanced payloads. To protect against these advanced persistent cybercrime tactics, organisations need to focus on enabling Machine Learning–driven coordinated and actionable threat intelligence in real time across all security devices to detect suspicious actions and initiate coordinated mitigation across the extended attack surface.”

This latest Global Threat Landscape Report is a view representing the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors collecting billions of threat events observed around the world during the second half of 2022. Using the MITRE ATT&CK framework, which classifies adversary tactics, techniques and procedures (TTPs), the FortiGuard Labs Global Threat Landscape Report sets out to describe how threat actors target vulnerabilities, build malicious infrastructure and exploit their targets. The report also covers global and regional perspectives as well as threat trends affecting both IT and OT environments.
