FortiGuard Labs Threat Research

Key Findings from the 1H 2022 FortiGuard Labs Threat Report

By Douglas Jose Pereira dos Santos | August 17, 2022

While the first half of 2022 felt anything but ordinary, we continue to observe clever attackers relying on many familiar techniques and attacks, such as ransomware and process injection. However, while the security community may be familiar with many of the tactics and techniques being used by attackers, the unsettling news is that the frequency of these attacks is increasing, and the number of new variants associated with common attack vectors continues to grow.

In our 1H 2022 FortiGuard Labs Threat Landscape Report, we examine the cyber threat landscape during the year's first half to identify trends and offer recommendations about what CISOs and security teams should pay close attention to in the months ahead. The report's findings are based on data collected through our global array of sensors monitored by the FortiGuard Labs team. Below is a look at key takeaways from the report. 

Subscribe to our blog for valuable takeaways from this research as the FortiGuard Labs team examines topics from the report in upcoming weeks.

1H 2022 Threat Report Findings: A Summary

It’s not surprising that cybercriminals are advancing their playbooks to sidestep defense mechanisms and scale their operations. Our threat intelligence shows that cybercriminals are finding new attack vectors to experiment with related to familiar exploits and increasing the frequency with which they execute them. 

Weekly ransomware volume over the last 12 months

New Ransomware Variants Nearly Doubled in Six Months

Ransomware attacks continue to become more sophisticated and aggressive, with attackers introducing new strains and updating, enhancing, and reusing old ones. What’s especially troubling as we look at the first half of 2022 is that the number of new ransomware variants we identified increased by nearly 100% compared to the previous six-month period. Our FortiGuard Labs team saw 10,666 new ransomware variants, compared to just 5,400 in 2H 2021. This explosive growth in ransomware can be mainly attributed to Ransomware-as-a-Service (RaaS) becoming increasingly popular on the dark web. Cybercriminals are using subscription-model services and purchasing plug-and-play ransomware to achieve a quick payday.

Top malware tactics and techniques (endpoint)

Cybercriminals are Using More Defense Evasion Techniques

Examining adversarial strategies gives us valuable insights into how attack techniques and tactics are evolving. FortiGuard Labs analyzed the functionality of detected malware to track the most common delivery approaches. In reviewing the top eight tactics and techniques, defense evasion tops the list, with many malware developers using system binary proxy execution to achieve their goal. Hiding malicious intentions is another top priority for malware developers, making the threat appear legitimate, giving it a better chance of going undetected by a security analyst.

OT Devices and Endpoints are Still Irresistible Targets

While the pandemic forced organizations to create comprehensive work-from-anywhere (WFA) security strategies, remote work still presents a serious risk. While endpoints remain one of an attacker’s top targets, vulnerabilities don’t just exist in the IT space – they're also increasingly being found in operational technology (OT) products. While OT technologies aren’t new, they present a growing opportunity for cyberattacks as organizations continue to converge their IT and OT networks. We examined OT vendors to determine which have the highest volume of vulnerabilities and detailed our findings in the report. 

Wipers are Widening Their Foothold Across Borders

Analyzing wiper malware data reveals a disturbing trend of cybercriminals using more destructive and sophisticated attack techniques – in this case, using malicious software that destroys data by wiping it. In the first six months of 2022, FortiGuard Labs identified at least seven significant new wiper variants used by attackers in various targeted campaigns against government, military, and private organizations. This number is important because it's nearly as many total wiper variants as have been publicly detected in the past 10 years. While we saw a substantial increase in the use of this attack vector in conjunction with the war in Ukraine, the use of disk-wiping malware was also detected in 24 additional countries.

Integrated Security Solutions Powered by AI are a Must 

The increase in the breadth and frequency of cyberattacks translates into more cyber risk for organizations, which means security teams need to be just as nimble and methodical as their adversaries. Outdated point-product approaches to security are insufficient, making integrated security solutions essential to combatting this proliferation of advanced and sophisticated attacks. Organizations need tools that can ingest real-time threat intelligence, apply AI to detect threat patterns and correlate massive amounts of data to detect anomalies, and automatically initiate a coordinated response across networks. This holistic approach to a cybersecurity mesh architecture allows for much tighter integration and increased automation, making it easier for security teams to coordinate quickly and respond effectively to threats in real time.

More About the 1H 2022 FortiGuard Labs Threat Landscape Report

The latest Global Threat Landscape Report represents the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors collecting billions of threat events observed around the world during the first half of 2022. The FortiGuard Labs Global Threat Landscape Report leverages the MITRE ATT&CK framework to describe how threat actors find vulnerabilities, build malicious infrastructure, and exploit their targets. The report also covers global and regional perspectives and threats against both IT and OT.


Learn more about FortiGuard Labs threat intelligence and research and Outbreak Alerts, which provide timely steps to mitigate breaking cybersecurity attacks. Learn more about Fortinet’s FortiGuard Security Services portfolio.