FortiGuard Labs reports major jump in ransomware as criminals use botnets to attack the edge

The semiannual release of the FortiGuard Labs “Global Threat Landscape Report” is usually a good opportunity to get a temperature reading on the state of cybersecurity. Based on the latest report, released in August, ransomware is boiling hot.

Threat intelligence from the first half of 2021 showed a tenfold increase in ransomware attacks, with noticeable growth in both volume and sophistication. The prevalence of botnet detections jumped from 35% to 51% in just six months, according to the report, with a broadening of the attack surface to include new vertical industries.

“Now it’s built into this monster, almost an 11x increase from what we saw last December,” said Derek Manky (pictured), chief of security insights and global threat alliances at Fortinet Inc.’s FortiGuard Labs. “What is fueling this is new verticals that cybercriminals are targeting. Telecommunications and government have been in positions one and two. New verticals that have risen up are managed service providers, following the Kaseya attack, as well as operational technology.”

Manky spoke with Lisa Martin, host of SiliconANGLE Media’s livestreaming video studio theCUBE. They discussed continued prevalence of the Mirai botnet and recent progress through collaborative efforts to take down criminal operations. (* Disclosure below.)

Botnets fuel attacks

Kaseya Ltd., an IT platform used by managed service providers, incurred an attack earlier this year that pushed out copies of REvil ransomware to downstream customers. Threat actors are targeting supply chain players and then leveraging powerful botnets to exploit vulnerabilities in internet of things devices to increase the scale.

Hackers have managed to create several more powerful variants of the Mirai botnet, malware that turns networked devices running Linux into remotely controlled bots.

“Mirai is an IoT botnet, so it sits on devices, inside consumer networks or home networks, and that can be a big problem,” Manky said. “What we reported in the first half of 2021 is that Mirai is number one by far. It was the most prevalent botnet we have seen.”

Despite the chilling news in the FortiGuard Labs report, there has been progress on other fronts. A collaborative effort between the U.S. and several other countries resulted in a takedown of the EMOTET cybercrime service in January. EMOTET had been a prolific distributor of malware and ransomware attacks.

“Immediately after that takedown, it dropped to half the activity it had before. And it’s been consistently staying at that low watermark,” Manky said. “That’s good news, because it shows that the coordinated efforts with law enforcement and partners to take down these are hitting their supply chain where it hurts. There is still a lot of work to be done.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: Fortinet Inc. sponsored this segment of theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE