Cyber attackers have increased their exploitation of newly discovered security vulnerabilities, and attacks targeting the industrial and operational sectors have increased around the world. Ransomware threats and data erasures witnessed by industrial sectors have also increased, with 44% of them being targeted during the last half of 2023, according to a recent technical report.
The report, prepared by Fortinet, which specializes in cybersecurity solutions, explained that although ransomware detections generally decreased by 70% compared to the first half of 2023, this decrease was accompanied by the attackers’ shift towards more precise and focused targeting. The energy, healthcare, manufacturing, transportation, logistics and automotive sectors topped the list of the sectors most targeted by these attacks.
The report, which is based on a comprehensive analysis conducted by the company’s FortiGuard Labs team, indicated that malicious actors are intensifying their efforts to exploit newly discovered security vulnerabilities, which poses a major risk to organizations around the world, including Saudi Arabia.
The report highlighted botnets and their great resilience: it took an average of 85 days after initial detection to disrupt their command and control (C2) communications. Although the level of bot traffic is generally stable, well-known botnets such as Gh0st, Mirai and ZeroAccess still pose a present threat, and the report noted the emergence of three new botnets in the second half of 2023, namely AndroxGh0st, Prometheus and DarkGate.
The report found that cyberattacks began at an accelerated pace immediately after the public disclosure of new security vulnerabilities (exploits), with attacks beginning on average within 4.76 days after the vulnerability was publicly announced, which represents a speed increase of 43% compared to the first half of 2023.
This acceleration underscores the importance of vendors detecting security vulnerabilities early, developing patches, and disclosing vulnerabilities to customers with complete transparency, which helps reduce the risks of what are known as zero-day vulnerabilities and enables users to effectively protect their digital assets.
In addition to the newly discovered security vulnerabilities, the report showed that 98% of organizations observed attempts to exploit old (N-day) security vulnerabilities that have not yet been addressed and have been known for at least five years. The attackers also exploited security vulnerabilities that were more than 15 years old, which confirms the need for organizations to place security hygiene as a top priority, implement continuous update and patch programs, and follow best practices to enhance the security of their networks.
Despite the presence of a huge number of known security vulnerabilities in endpoints (computers and devices connected to the network), the report presented some positives about combating their exploitation: the data indicates a noticeable decrease in attacks targeting these vulnerabilities, and less than 9% of endpoint vulnerabilities were targeted over the past period, which shows the effectiveness of advanced security solutions in reducing the risks of hacking.
During 2022, FortiGuard Labs created the “Danger Zone” concept, as research found that only 0.7% of common vulnerabilities discovered on endpoints were actually attacked during the second half of 2023, which indicates that the active attack surface that security teams have to focus on has become much smaller, allowing them to prioritize patching efforts more effectively.
Sami Al-Shuwairikh, Senior Regional Director of Fortinet in Saudi Arabia, explained that the report shows that malicious actors are intensifying their efforts to exploit newly discovered security vulnerabilities, which poses a great danger to organizations around the world, including Saudi Arabia.
Al-Shuwairikh said: “These threats pose dangers to the vital digital infrastructure in Saudi Arabia in both the public and private sectors, which is a fundamental pillar of Vision 2030,” pointing out that as Saudi institutions become increasingly dependent on digital solutions, they become more vulnerable to ransomware attacks, data erasure, and botnets, which may lead to significant financial losses, disruption of operations, and data corruption.
He stressed the need for Saudi institutions to strengthen their security strategies by taking proactive steps to strengthen their digital infrastructure, stressing the importance of investing in advanced cybersecurity solutions, raising employees’ awareness of their importance, and training them on how to recognize and avoid electronic threats.
He added: “Dealing with cybercrime requires a broader culture of cooperation, transparency and accountability, as cooperation with highly respected, high-level organizations from the public and private sectors, including government bodies and academia, is an essential aspect.”
The report pointed to the activity of 38 out of 143 advanced persistent threat groups tracked by MITRE during the second half of 2023. Among the most prominent groups monitored are Lazarus Group, Kimsuky, APT28, APT29, Andariel and OilRig.
2024-06-01 02:46:18