FortiGuard Labs: Organizations detecting ransomware decline as targeted attacks rise

2023-10-13 10:30:32 PHT

Fortinet recently announced the latest semiannual Global Threat Landscape Report from FortiGuard Labs. During a press briefing held at the New World Makati Hotel, Alan Reyes, Country Manager of Fortinet Philippines, shared key insights from the FortiGuard Labs Q2 2023 Threat Report. This report provides organizations with valuable intelligence on potential threat activities.

In the first half of 2023, FortiGuard Labs observed notable trends, including a decrease in ransomware detections, heightened activity among advanced persistent threat (APT) groups, shifts in MITRE ATT&CK techniques used by attackers, and more. Beyond the highlights mentioned here, the comprehensive analysis is available in the 1H 2023 Global Threat Landscape Report. The report also revealed that Fortinet successfully identified and defended against approximately 17.7 million viruses, botnets, and exploits per day in the Philippines during Q2 2023.

Reyes emphasized that the distribution of threats in Q2 2023 remained relatively consistent compared to the previous quarter. He noted, "The Asia-Pacific (APAC) region contributed to approximately 25 to 33% of the global telemetry data. However, our threat report underscored the significant number of viruses, botnets, and exploits encountered regularly. This highlights the urgent need for organizations to bolster their cybersecurity strategies to strengthen their defenses, especially in light of the growing sophistication and frequency of threats."

The Philippines, Q2 2023

The latest findings from FortiGuard Labs reveal that Excel and Microsoft Intermediate Language (MSIL) malware variants have emerged as the predominant cybersecurity threats across the Asia-Pacific (APAC) region during the second quarter of 2023. These malware types stand out due to their adaptability and versatility in creating various forms of malicious software. Excel malware, often disseminated through phishing emails containing malicious macros, remains a prevalent attack vector. Meanwhile, MSIL, a bytecode format utilized by the .NET framework, proves to be highly modifiable, adding to its threat potential.

In the Philippines, the FortiGuard Labs team detected a staggering 4.3 million instances of viruses. Notably, the JS/Agent,Cy!tr virus emerged as the most prominent, contributing to 3.5% of viruses detected within the quarter. It was closely followed by HTML/Agent.ROUT!phish, which accounted for 3.2% of the detected viruses.

In addition, in terms of botnet activity during the first quarter of 2023, the Philippines faced significant challenges from the Mirai, Ghost Rat, Bladabindi, Mozi, and RotaJakiro botnets. These malicious networks were responsible for a range of nefarious activities, including distributed denial-of-service (DDoS) attacks, credential harvesting, and data exfiltration. FortiGuard Labs recorded a total of 18.6 million botnet attacks, with Mirai and Gh0st.rai being the predominant threats, representing 16% of all observed botnet activity in the quarter.

These findings underscore the need for businesses and individuals in the Philippines to remain vigilant and proactive in fortifying their cybersecurity defenses against the evolving threat landscape, and they reinforce the importance of timely patching and the deployment of robust security measures.