In its latest Internet Security Report, WatchGuard Technologies revealed several key findings regarding malware trends and network and endpoint security threats. According to the report, one of the most alarming trends is that 95% of malware is now being delivered through encrypted connections. This poses a significant challenge for organizations that do not inspect SSL/TLS traffic at their network perimeter, as they may be missing the majority of malware that is hidden behind encryption.
Additionally, the report highlighted a decrease in endpoint malware volumes, despite more widespread malware campaigns. While there was an 8% decrease in endpoint malware detections in Q2 compared to the previous quarter, the detections increased by 22% and 21% among machines caught by 10 to 50 systems and 100 or more systems, respectively. This indicates that widespread malware campaigns grew between Q1 and Q2 of 2023.
Another important finding from the report is the rise in double-extortion attacks from ransomware groups. The Threat Lab noted a 72% increase in these types of attacks quarter over quarter, alongside the detection of 13 new extortion groups. Interestingly, ransomware detections on endpoints declined by 21% quarter over quarter and 72% year over year, suggesting that attackers are shifting their tactics to focus more on double-extortion attacks.
The report also revealed the presence of six new malware variants in the Top 10 endpoint detections. The compromised 3CX installer accounted for 48% of the total detection volume in the Q2 Top 10 list of malware threats. In addition, the multi-faceted loader and botnet called Glupteba made a resurgence in early 2023 after being disrupted in 2021. These findings highlight the constantly evolving nature of malware threats and the need for organizations to stay vigilant in their cybersecurity efforts.
Furthermore, the report emphasized that threat actors are increasingly leveraging Windows living off-the-land binaries to deliver malware. Attacks that abused Windows OS tools like WMI and PSExec grew by 29% and accounted for 17% of the total volume, while malware that used scripts like PowerShell dropped by 41%. Scripts remain the most common malware delivery vector, representing 74% of all detections. Browser-based exploits, on the other hand, declined by 33% and accounted for only 3% of the total volume.
In addition, the report highlighted that cybercriminals continue to target older software vulnerabilities. Researchers found three new signatures in the Top 10 network attacks for Q2, all based on older vulnerabilities. This reinforces the importance of promptly patching and updating software to mitigate the risk of exploitation.
Lastly, the Threat Lab team discovered instances of compromised domains at WordPress blogs and a link-shortening service. Malicious actors had taken advantage of these platforms to host malware or command and control frameworks. Furthermore, a website dedicated to an educational contest in the Asia Pacific region had been compromised by Qakbot threat actors to host command and control infrastructure for their botnet.
WatchGuard’s Internet Security Report serves as a reminder of the ever-changing threat landscape and the need for organizations to adopt a unified security approach. Corey Nachreiner, chief security officer at WatchGuard, emphasized the importance of constant vigilance and a layered security strategy to effectively combat advanced malware and evolving cyber threats. Organizations are encouraged to monitor these threats and employ managed service providers to ensure their best defense.
The report also noted that the data analyzed is based on anonymized, aggregated threat intelligence from active WatchGuard network and endpoint products. This approach allows for a comprehensive understanding of the current threat landscape and supports WatchGuard’s ongoing research efforts.
To access the complete Q2 2023 Internet Security Report and gain a more in-depth view of WatchGuard’s research, interested parties can visit the WatchGuard website.
About WatchGuard Technologies, Inc.
WatchGuard Technologies, Inc. is a global leader in unified cybersecurity, offering a range of products and services designed to protect businesses from evolving threats. The company’s Unified Security Platform® approach is uniquely tailored for managed service providers, allowing them to deliver world-class security while improving operational efficiency. With over 17,000 security resellers and service providers and more than 250,000 customers, WatchGuard is trusted by organizations worldwide. Its award-winning products and services encompass network security, advanced endpoint protection, multi-factor authentication, and secure Wi-Fi. By providing comprehensive security, shared knowledge, clarity & control, operational alignment, and automation, WatchGuard offers a holistic security platform for businesses of all sizes. Headquartered in Seattle, Washington, WatchGuard has offices in North America, Europe, Asia Pacific, and Latin America.
For more information about WatchGuard and its products, interested parties can visit the company’s official website. Additionally, they can follow WatchGuard on Twitter, Facebook, and LinkedIn for updates, promotions, and additional information. The company’s InfoSec blog, Secplicity, also provides real-time information about the latest threats and offers insights on how to cope with them. Subscriptions to “The 443 – Security Simplified” podcast are available on the Secplicity website and various podcast platforms.