FortiGuard Labs observed an overall increase in attack frequency paired with the explosive growth of new variants associated with familiar tactics. While attack volume isn’t showing any signs of slowing, the last quarter of the year 2022 gave rise to some other distinct trends in activity. For starters, our team witnessed enterprising cybercriminals reimagining existing botnets and reusing code to power new and more sophisticated attacks.
The findings are based on the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors collecting millions of threat events observed in India during Q4 2022.
Fortinet is increasingly observing cybercriminals take a “work smarter, not harder” approach while unveiling new tactics. From new advanced persistent cybercrime tactics to upgrading old-school botnets like Mirai, bad actors continually find more sophisticated ways to infiltrate networks, making every organization regardless of size or industry a target.
In Q4 of 2022 India recorded a total virus count of 37,697,022 which was over 4,18,000 viruses per day. India alone accounted for 5.81% of the global virus count deducted in the previous quarter.
Bad actors always seek to maximize their existing investments and knowledge in attack efforts. Botnet and malware code reuse are efficient, cost-effective ways for criminals to build upon successful attack vectors while making iterative changes, fine-tuning their attacks to sidestep detection.
The total count of Botnet in India was 204,554,825 which was over 2.2 Million Bots every day in Q4 2022. Indian accounted for 4.72% of the Botnets deducted globally in the last quarter. For example, when examining botnet threats by prevalence, many of the top botnets are older. Mirai and Gh0st RAT continue to be popular in India, yet out of the top five, only RotaJakiro is from the current decade.
The total exploit count in India was 27,328,691,045 in the previous quarter which is over 303 Million exploits deducted per day. The exploits targeting Indian networks was 4.35% of the total global exploits.
Vishak Raman, Vice President of Sales, India, SAARC and Southeast Asia Fortinet, said, “Analysing cybercriminal tactics and techniques gives us better insight into how to protect against future attack scenarios. In the second half of 2022, drive-by compromise topped the list across India as the most common malware delivery approach. This method involves attackers gaining access to victims systems while browsing online and getting them to download malicious payloads. To protect against these advanced persistent cybercrime tactics, organizations need to focus on enabling machine learning–driven coordinated and actionable threat intelligence in real time across all security devices to detect suspicious actions and initiate coordinated mitigation across the extended attack surface.”