In the second half of 2022, security researchers at Fortinet observed destructive wiper malware attacks impacting more organizations around the world, as well as cybercriminals retooling existing botnets and reusing code to power more sophisticated attacks.

Fortinet’s just published study, 2H 2022 Threat Landscape Report, examines the cyber-threat landscape over last year's second half to identify trends and offer insights on what network defenders should know to effectively protect their organizations in 2023. In the first half of 2022, there was a resurgence in wiper malware, mostly tied to the Russian invasion of Ukraine, but in the second half of 2022 wiper malware expanded into other countries, driving a 53 percent increase in wiper activity from Q3 to Q4. Although Fortinet initially observed wiper malware being developed and deployed by nation-state actors and targeted to countries involved in the Russian-Ukraine War, researchers are now seeing wipers being scaled and deployed worldwide. “These new strains are increasingly being picked up by cybercriminal groups and… Cybercriminals are also now developing their own wiper malware which is being used readily across [Cybercrime-as-a-Service (CaaS)] organizations, meaning that the threat of wiper malware is more widespread than ever and all organizations are a potential target.”

Fortinent also found threat actors are increasingly reusing old botnet and malware code  to launch attack campaigns more cost effectively. These included IoT botnet Mirai, remote access Trojan Gh0st RAT, and the infamous Emotet malware. Ransomware also continues to pose a significant threat, primarily due to the proliferation of Ransomware-as-a-Service (RaaS). The report found in the second half of 2022, the top five ransomware families accounted for roughly 37 percent of all ransomware attacks. Access the full report at Fortinet.