In our 1H 2023 Threat Landscape Report, we examine the cyberthreat landscape over the year’s first half to identify trends and share insights with security professionals, enabling them to enhance their security strategies and better prioritize patching efforts. The report findings reflect the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors that collect billions of threat events observed worldwide during this same period. Below are key takeaways from the report.
1H 2023 Threat Report: A Summary
In the year’s first half, we observed significant activity among advanced persistent threat (APT) groups, a rise in ransomware frequency and complexity, increased botnet activity, and much more. And while attack volume isn’t entirely on the continual upward climb we’ve seen in the past, we’re witnessing breach attempts become more sophisticated and targeted.
As cybercriminals continue to advance their tactics, the good news for security practitioners is that much of the malicious activity observed is familiar, giving leaders and their teams ample opportunities to implement effective defense strategies.
Ransomware Becomes More Sophisticated and Targeted
While ransomware has existed for decades, we’ve witnessed threat actors using more sophisticated and complex strains in recent years to infiltrate networks, largely thanks to the expansion of Ransomware-as-a-Service (RaaS) operations. Ransomware volume certainly isn’t slowing down, either: ransomware activity at the end of 1H 2023 was 13 times higher than at the start of the year. Yet the share of enterprises detecting ransomware on their networks is declining: 13% in 1H 2023 compared to nearly 25% five years ago. Unfortunately, this isn’t cause for celebration, as it indicates that bad actors are carrying out more targeted attacks using highly adaptable playbooks.
In several previous reports, we discussed wiper malware, a highly destructive attack technique that “wipes” data from infected systems. While we observed a surge in wiper use in early 2022, mainly in conjunction with the Russian-Ukrainian conflict, wiper malware attacks slowed in the first half of 2023.
Malicious Actors 327x More Likely to Exploit Top Vulnerabilities
Since its inception, Fortinet has been a core contributor to exploitation activity data supporting the Exploit Prediction Scoring System (EPSS). Many vulnerability management teams use EPSS to help prioritize their remediation efforts. But EPSS can also help us track the progression of vulnerabilities from initial disclosure to the outbreak of exploitation in the wild.
Our latest report analyzed six years of data spanning more than 11,000 published vulnerabilities for which our sensors detected exploitation. We sought to determine how long it takes for a vulnerability to move from initial release to exploitation, whether vulnerabilities with a high EPSS score get exploited faster, and whether we could predict the average time-to-exploitation using EPSS data.
Our analysis shows that the most exploitable vulnerabilities, as identified by EPSS, are 327 times more likely to be attacked within a week than others on your radar. Using EPSS data in this way can serve as an early warning system.
Nearly a Third of APT Groups Were Active in 1H 2023
For the first time in the history of our Global Threat Landscape Report, we tracked the number of active APT groups. Our research shows that of the 138 cyberthreat groups identified by MITRE, 41 (30%) were active during the first half of the year. Based on our malware detections, Turla, StrongPity, Winnti, OceanLotus, and WildNeutron were the most active. Yet over the past six months, APT-led threats impacted only a small subset of all organizations, indicating that APT endeavors remain highly targeted… at least for now.
Unique Exploits, Malware Variants, and Botnet Activity on the Rise
In this year’s report, we examined longer-term trends regarding unique exploits, malware variants, and botnet activity to give us a greater perspective on today’s threat landscape.
Our data shows that the count of unique exploit detections is up 68% over the past five years, a sign that attackers are multiplying and diversifying their exploits. However, we also observed a 75% drop in exploitation attempts per organization and a 10% dip in severe exploits, both of which signal that cybercriminals are increasingly carrying out more targeted attacks. Malware families and variants have exploded over the past five years, up 135% and 175%, respectively. We also observed more active botnets (+27%) and a higher incidence rate of botnet infection among organizations (+126%). What’s most concerning about botnets is that they have become more persistent over this period, spending more time “lingering” on networks before they’re detected and blocked.
Protect Your Organization from an Increasing Array of Threats
Threat actors won’t be slowing down anytime soon, particularly as organized cybercrime groups make it even easier for them to achieve a quick payday. However, there are numerous actions organizations can take today to better protect their networks from these adversaries.
Sharing and utilizing threat intelligence has never been more important to combat the ever-increasing sophistication and volume of cyberthreats. Additionally, understanding attack flows—from initial entry points to post-exploitation activities—is vital to creating effective cybersecurity strategies. Finally, there’s no better time to implement new security technologies and reassess your team’s processes and playbooks. Developing and maintaining a comprehensive defense strategy is crucial to protecting enterprise networks today and in the future.
More About the 1H 2023 FortiGuard Labs Threat Landscape Report
Our latest Global Threat Landscape Report represents the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors that collect billions of threat events observed worldwide during the first half of this year. The FortiGuard Labs Global Threat Landscape Report uses the MITRE ATT&CK framework to describe how threat actors find vulnerabilities, build malicious infrastructure, and exploit their targets.