
Cybercriminals exploit new industry vulnerabilities 43% faster than 1H 2023: Fortinet study

A report by Fortinet stated that close to 41 per cent of organisations detected exploits from signatures less than one month old, and over 98 per cent of organisations detected N-Day vulnerabilities that have existed for at least five years.

Based on the Exploit Prediction Scoring System (EPSS), the report found that the second half of 2023 saw attackers increase the speed with which they capitalised on newly publicised vulnerabilities (43 per cent faster than 1H 2023).

Vendors need to dedicate themselves to internally discovering vulnerabilities and developing a patch before exploitation can occur (to mitigate instances of 0-day vulnerabilities).

It also reinforces that vendors must proactively and transparently disclose vulnerabilities to customers to ensure they have the information to protect their assets before cyber adversaries can exploit N-day vulnerabilities. The report stated that some N-day vulnerabilities were over 15 years old.

In 2H 2023, research found that 0.7 per cent of all CVEs observed on endpoints are under attack, revealing a much smaller active attack surface for security teams to focus on and prioritise remediation efforts.  

Across all of Fortinet’s sensors, ransomware detections dropped by 70 per cent compared to the first half of 2023. 

The observed slowdown in ransomware over the last year can best be attributed to attackers shifting away from the traditional “spray and pray” strategy to a more targeted approach aimed largely at the energy, healthcare, manufacturing, transportation and logistics, and automotive industries.

Bot traffic remained steady relative to the first half of 2023, and FortiGuard Labs continued to see the more prominent botnets of the last few years, such as Gh0st, Mirai, and ZeroAccess. Three new botnets also emerged in the second half of 2023, including AndroxGh0st, Prometei, and DarkGate.

Over 38 of the 143 advanced persistent threat (APT) groups listed by MITRE were observed to be active during 2H 2023. Threat actors often discussed targeting organisations within the finance industry, followed by the business services and education sectors. 

More than 3,000 data breaches were shared on prominent dark web forums. Over 221 vulnerabilities were actively discussed on the darknet, while 237 were discussed on Telegram channels. Over 850,000 payment cards were advertised for sale.