Ransomware activities swelled tenfold in the first half of 2021

The average weekly ransomware activity in June 2021 was more than tenfold higher than levels from a year ago, showing a consistent and overall steady increase over the period, according to the latest semiannual FortiGuard Labs Global Threat Landscape Report.

Telecommunications firms were the most heavily targeted, followed by government, managed security service providers, automotive, and manufacturing sectors.

In addition, some ransomware operators shifted their strategy away from email-initiated payloads toward gaining and selling initial access into corporate networks, further showing the continued evolution of Ransomware-as-a-Service (RaaS) fueling cybercrime.

Fortinet said organisations need to take a proactive approach with real-time endpoint protection, detection, and automated response solutions to secure environments along with a zero-trust access approach, network segmentation, and encryption.

Also, more than a quarter of organisations detected malvertising or scareware attempts, with Cryxos being a notable family. However, a large volume of these detections is likely to overlap with other similar JavaScript campaigns that would also be considered malvertising.

The hybrid work reality has undoubtedly encouraged this trend in tactics by cybercriminals as they attempt to exploit it, aiming for not just a scare but also extortion.

Further, 35% of organisations detected botnet activity of one sort or another at the beginning of the year, and six months later it was 51%.

A large bump in TrickBot activity is responsible for the overall spike in botnet activity in June. TrickBot originally emerged on the cybercrime scene as a banking trojan but has since been developed into a sophisticated, multi-stage toolkit supporting a range of illicit activities.

More than a year into remote work and learning shifts, cyber adversaries continue to target our evolving daily habits to exploit the opportunity. 

FortiGuard Labs also found that cyber attackers sought to escalate privileges, evade defenses, move laterally across internal systems, and exfiltrate compromised data, among other techniques. For example, 55% of observed privilege escalation functionality leveraged hooking and 40% used process injection.

A takeaway is that there is an obvious focus on defense evasion and privilege escalation tactics. Although these techniques are not novel, defenders armed with this timely knowledge will be better positioned to secure against future attacks.

“Aligning forces through collaboration must be prioritized to disrupt cybercriminal supply chains,” said Derek Manky, chief of Security Insights & Global Threat Alliances at FortiGuard Labs.

“Continued cybersecurity awareness training as well as AI-powered prevention, detection, and response technologies integrated across endpoints, networks, and the cloud remain vital to counter cyber adversaries,” said Manky.