2nd Edition

Tracking the trends and news for IT and IT Security

Paul Davis

Cybercriminals Are Becoming More Proficient at Exploiting Vulnerabilities – CySecurity News – La…

Cybercriminals Are Becoming More Proficient at Exploiting Vulnerabilities – CySecurity News – La…>
Cyber Security News
Fortinet’s semiannual report highlights the active threat landscape from July to December 2023, focusing on the increasing number of vulnerabilities triggered by the expansion of online services, applications, and connected devices
The report reveals that attacks began an average of 4.76 days after new exploits were publicly revealed, emphasizing the importance of vendors discovering and patching vulnerabilities before exploitation starts
Key findings:
1) Attackers exploited newly revealed vulnerabilities 43% faster than in the first half of 2023.
2) 41% of organizations discovered exploits from signatures less than a month old, while 98% detected N-Day vulnerabilities that had existed for at least five years.
3) Ransomware and wiper samples targeted the industrial sector (44%), with detections decreasing by 70% across all Fortinet sensors compared to the first half of 2023.
4) Botnets showed remarkable durability, with command and control (C2) connections ceasing on average 85 days after initial detection.
5) 38 out of 143 advanced persistent threat (APT) groups listed by MITRE were active during the second half of 2023
The report highlights the importance of vendors committing to internally discovering vulnerabilities and implementing patches before exploitation starts, as well as disclosing vulnerabilities to customers proactively and transparently
CISOs and security teams need to maintain security hygiene and act quickly through consistent patching and updating programs
Derek Manky, Chief Security Strategist and Global VP Threat Intelligence at FortiGuard Labs, emphasizes the role of both vendors and customers in this climate
Vendors must introduce robust security scrutiny throughout the product development life cycle and dedicate themselves to responsible radical transparency in their vulnerability disclosures
Customers must maintain a strict patching regimen to reduce the risk of exploitation, given the high number of vulnerabilities across vendors in 2023.
Link: https://www.cysecurity.news/2024/05/cybercriminals-are-becoming-more.html

Categories:

Tags: