Global Threat Landscape Report

April 26, 2023

Key highlights of the second half of 2022:

Don’t count out the old

We saw the resurgence of familiar names in the malware, wiper, and botnet space–including Emotet and GandCrab, to name a few, in addition to code reuse (old code being recompiled into new variants)–a reminder that old malware and threats never die. They simply crawl back into the shadows waiting patiently for another turn.

Ransomware and Wipers

Volume is still growing: There’s been a 16% increase in both ransomware and wipers. However, when we look at a quarterly breakdown, we see that wiper volume increased an astonishing 53% between Q3 and Q4 of 2022.

Introducing “The Red Zone”

Less than 1% of the total observed vulnerabilities discovered in an enterprise-size organization were on endpoints and actively under attack. This insight gives CISOs a clear view of the “Red Zone” or active attack surface.

Raspberry.Robin: a new bot with an old trick

1 in 84 organizations that detected botnet activity were impacted by this new botnet that only entered the bot scene in September.

Exchange becomes a post-exploitation hotpot

Hardening activities on Exchange servers have thwarted much initial access targeting. Adversary familiarity with associated services means Exchange servers have become a hotbed for post-exploitation activity.

Keep an eye out for Pre-ATT&CK

Adversaries are dedicating more resources to their attacks’ Recon and Weaponization phase. As this approach becomes more ‘de-facto’ among threat actors, cyber defenders must keep up using intelligence gathered from these phases.

Price: FREE

About the Provider

The Fortinet Security Fabric platform provides true integration and automation across an organization’s security infrastructure, delivering unparalleled protection and visibility to every network segment, device, and appliance, whether virtual, in the cloud, or on-premises.


ransomware, Threat Landscape, vulnerabilities