CyberSecurity SEE

Is Your Browser Betraying You? – Emerging Threats in 2023

Network attacks (IPS detections) have remained relatively flat over the past three quarters, with a slight decrease of just over 3%, as reported by cybersecurity firm WatchGuard.

According to Corey Nachreiner, Chief Security Officer at WatchGuard, organizations must remain vigilant and actively prioritize their existing security solutions and strategies to effectively counter the increasing sophistication of threats. He emphasizes the importance of layered malware defenses to combat living-off-the-land attacks, which can be achieved by implementing a unified security platform managed by dedicated service providers.

A noteworthy trend in browser-based emerging threats is the shift towards using browser notifications as a means of social engineering, particularly as web browsers have implemented more protections against pop-up abuse. Additionally, the latest list of malicious domains reveals a new destination involving SEO-poisoning activity.

In the first quarter of this year, three of the four new threats on WatchGuard’s top ten malware list had clear links to nation states. However, it is important to note that these affiliations do not necessarily imply state sponsorship. One of the newly identified malware families, named Zusy, exemplifies this trend. WatchGuard’s Threat Lab discovered a sample of Zusy that specifically targets China’s population by installing compromised browsers to hijack the system’s Windows settings and establish itself as the default browser.

Targeting Office products with document-based threats continued to be prevalent during this quarter. Additionally, WatchGuard’s analysts observed a relatively high number of exploits against Microsoft’s now-discontinued firewall, the Internet Security and Acceleration (ISA) Server, despite its end-of-life status and lack of updates.

The rise of living-off-the-land attacks remained a consistent trend, as evidenced by the analysis of ViperSoftX malware in the report. This form of malware exploits the built-in tools within operating systems to accomplish its objectives. The persistence of Microsoft Office- and PowerShell-based malware suggests the need for robust endpoint protection that can distinguish between legitimate and malicious uses of these popular tools.

In an unexpected development, a notable malware dropper detected in the first quarter targeted Linux-based systems. This serves as a reminder that organizations should not overlook non-Windows machines, such as Linux and macOS, when implementing Endpoint Detection and Response (EDR) solutions to ensure comprehensive coverage of their environment.

The report also revealed that the majority of detections, 70% to be precise, originated from zero-day malware transmitted through unencrypted web traffic. Even more concerning, a staggering 93% of detections were attributed to zero-day malware transmitted via encrypted web traffic. Zero-day malware poses a significant threat to devices that lack robust host-based defenses, including IoT devices and misconfigured servers.

Lastly, the Threat Lab’s analysis of ransomware tracking data for the first quarter identified 852 victims published on extortion sites and the discovery of 51 new ransomware variants. Alarmingly, some of the victims belonged to well-known organizations and Fortune 500 companies.

In conclusion, the stagnation in network attacks over the last three quarters, albeit with a slight decrease, highlights the need for continuous attention and enhancement of security measures. The report underscores the importance of layered defenses, awareness of emerging threats, and the implementation of comprehensive security solutions to adequately protect organizations against evolving cyber threats.
