The number of new ransomware variants nearly doubled in the first half of 2022 and attackers are increasingly leveraging zero-day vulnerabilities, painting a dire picture for IT and cybersecurity professionals, according to a new report from cybersecurity solutions provider Fortinet.
According to the company’s FortiGuard Labs Threat Landscape report for the first half of 2022, there were 10,666 new ransomware variants observed, compared to just 5,400 in the second half of 2021. Ransomware groups are increasingly using subscription-based models, similar to how cloud-based software and services are consumed today, to achieve a quick payday, the report says.
Alongside a surge in wipers and other destructive malware, and with operational technology vulnerabilities continuing to be prime targets for attackers, 2022 is on pace to be another record year for zero-day vulnerabilities, Fortinet’s report says, with 72 zero days discovered in the first half of the year.
From the beginning of 2020 to June 2022, the average number of zero-day bugs Fortinet published every six months has risen consistently, with others reporting similar trends.
Citing Google researchers, Fortinet says more than two-thirds of the flaws discovered in 2021 were tied to popular and well-known vulnerability classes, such as memory corruption issues, with the rest primarily stemming from logic and design vulnerabilities.
The report dives into a handful of such vulnerabilities discovered in 2022:
The first half of 2022 served up several examples of such vulnerabilities. One was “MSDT Follina,” a remote code execution vulnerability in the Microsoft Support Diagnostic Tool (CVE-2022-30190). It gave attackers a trivially easy way to compromise systems via Office documents. Security researchers reported several threat actors – including nation-state-based groups – exploiting the flaw in data-theft campaigns and dropping ransomware such as Qakbot on target networks.
CVE-2022-24521, in Microsoft Windows’ Common Log File System (CLFS) driver, was another major 0-day bug in H1 2022. Microsoft issued a fix for the vulnerability in April after researchers from the US National Security Administration (NSA). Another 0-day that garnered attention in H1 2022 was CVE-2022-26134, an unauthenticated code execution vulnerability in Atlassian’s Confluence Server and Data Center technology. Attackers exploited this vulnerability to drop web shells, ransomware, and cryptominers on vulnerable systems. And CVE-2022-26925, a spoofing vulnerability in the Microsoft Local Security Authority (LSA) function, gave threat actors a way to force domain controllers to authenticate to them.
The report also touches on Log4Shell, calling it by far the most exploited vulnerability of the first half of 2022. Although exploitation may not have reached the peaks that were expected, advanced threat actors are using it to target U.S. government systems.
Piggybacking on a Cyber Safety Review Board report that suggests Log4Shell will remain an endemic vulnerability for years, Fortinet says the bug will stay in its top charts for a long time.
“Since the vulnerability is found in so many fundamental systems, it can be extremely difficult to update one system without breaking other parts of the system in the process. Cybercriminals will exploit anything and everything that can get them the initial access to the data or action they desire to achieve. We’ll most likely continue to see Log4j on our ‘top’ charts for a long time. This is an excellent testament to the importance of vulnerability assessments and active and virtual patching,” the company says in the report.
Read the report for other findings, including the rising use of defense evasion techniques.