FortiGuard Labs has just released our 2021 mid-year Global Threat Landscape Report. The first six months of 2021 saw a significant increase in the volume and sophistication of attacks targeting individuals, organizations, and increasingly critical infrastructure. Here is a quick review of the highlights from this mid-year report:
Attackers Widen the Net as There’s a Tenfold Increase in Ransomware
Last year at this time, attackers had shifted their resources away from enterprise infrastructure devices to home networks and consumer-grade products. But now, they are aggressively targeting both. Top IPS detections, for example, show that while criminals continue to target small business and consumer-grade technologies to exploit home workers, they have also returned to targeting corporate networks, content management systems (CMS), and application development platforms.
Botnet Activity Spiked in the First Half of 2021
Another trend documented by FortiGuard Labs over the past six months has been the sheer increase in the volume of attacks. For example, the percentage of organizations detecting botnet activity jumped from 35% to 51% by the mid-year mark.
That increase was led by a surge in the use of TrickBot, which was designed initially as a banking trojan but has since evolved into a sophisticated, modular, and multi-stage toolkit supporting a range of illicit activities. Mirai was the most prevalent botnet, overtaking Gh0st in early 2020 and never looking back. Mirai has continued adding new cyberweapons to its arsenal. Its dominance partially stems from criminals seeking to exploit IoT devices used by work-from-anywhere (WFA) or remote-learning individuals. Gh0st, however, continues to play a significant role in botnet activity.
Ransomware Continues to Explode
But the most significant increase in cyber threats has been ransomware, which saw a staggering increase of more than tenfold over the past 12 months. This is being fueled, in part, by the continued growth of Ransomware-as-a-Service (RaaS). In addition to renting ransomware, some operators have begun selling access to compromised corporate networks, making it that much easier for less technical criminals to get involved.
Organizations in the telecommunications sector were the most heavily targeted during the first half of 2021, followed by government agencies, managed security service providers, automotive, and manufacturing sectors. Numerous high-profile attacks crippled sectors of critical importance, impacting daily life, productivity, and commerce. These include the Colonial Pipeline attack that disrupted oil and gasoline distribution across the East Coast of the US, the JBS Foods attack that led to concerns about a global meat shortage, and the supply chain attack against Kaseya VSA that resulted in downstream customers being impacted.
It’s not just the volume of ransomware attacks that has increased, but their ferocity as well. Cybercriminals have been adding levels of extortion to get victims to pay. This includes combining encryption with doxing (the threat of publicly exposing internal data), adding a DDoS attack to create additional confusion and panic, and now, reaching out directly to a victim’s customers and stakeholders so they will put further pressure on the victim to pay.