Encrypted malware and Office vulnerabilities are a cause for concern


WatchGuard's current Internet Security Report also documents the Emotet comeback and increasing attacks on SCADA systems. Google Chrome and Microsoft Office-based threats are also on the rise.

The latest Internet Security Report from WatchGuard Technologies covers key malware trends and network threats, and shows an overall decrease in malware for the second quarter of 2022 compared to the peaks of the first half of last year. However, Google Chrome and Microsoft Office-based threats are on the rise.

Internet Security Report for the second quarter of 2022

And based on the available data, there is hardly any doubt about the potential danger of Emotet. Corey Nachreiner, Chief Security Officer of WatchGuard, describes the trend in encrypted malware in particular as worrying: “More than 81 percent of the identified malware discoveries can be traced back to connections with TLS encryption. This indicates that hackers are changing their tactics and are increasingly turning to elusive malware. Quality takes the place of quantity.” The underlying data from Germany comes up with some specifics in this context.

Other important findings at a glance

Office exploits are more prevalent than any other form of malware

The most significant incident in Q2 2022 was the Follina Office exploit (CVE-2022-30190), which was first reported in April and only patched at the end of May. Delivered through a malicious document, Follina was able to bypass Windows Protected View and Windows Defender and was actively exploited by a variety of threat actors, including nation-state circles. In Germany and Greece, three other Office exploits (CVE-2018-0802, RTF-ObfsObjDat.Gen and CVE-2017-11882) also appeared on a large scale.

Total endpoint malware down, but unevenly distributed

Overall, endpoint-directed malware decreased by 20 percent, while malware targeting browser vulnerabilities increased. Here the average increase was 23 percent, and 50 percent for Chrome alone. This could be due to the persistence of various zero-day exploits. Compromised scripts accounted for the lion's share of endpoint detections in Q2 2022, at 87 percent.

75 percent of discovered network attacks are connected with only ten signatures

In the second quarter of this year, ICS and SCADA systems that control industrial plants and processes were increasingly targeted. Two new signatures (WEB Directory Traversal -2 and WEB Directory Traversal -7), which are clearly similar, also stood out in this context. The former exploits a vulnerability first discovered in 8 in a specific SCADA interface software. What is notable about the second is that it occurred most frequently in Germany.

The Emotet danger is far from over

Although overall volume has declined since last quarter, Emotet remains one of the top threats to network security. XLM.Trojan.abracadabra - a Win code injector that proliferates the Emotet botnet - features in the Top 10 All Threats and the Top 5 Encrypted Malware. It was observed most frequently in Japan.

All of these findings in WatchGuard's quarterly research report are based on de-identified Firebox Feed data from active WatchGuard Fireboxes whose owners have consented to the sharing of data to support the Threat Lab's research. In Q2 2022, WatchGuard blocked a total of more than 18.1 million malware variants (234 per device) and approximately 4.2 million network threats (55 per device). In addition to the diverse insights into the malware and network trends from the second quarter of 2022, the full report contains information on recommended security strategies and important defense tips for companies of all sizes and industries.

The current Internet Security Report with many other details on the threat situation is available online in English for download.

See the report at WatchGuard.com

 


About WatchGuard

WatchGuard Technologies is one of the leading providers in the field of IT security. The extensive product portfolio ranges from highly developed UTM (Unified Threat Management) and next-generation firewall platforms to multifactor authentication and technologies for comprehensive WLAN protection and endpoint protection, as well as other specific products and intelligent services relating to IT security. More than 250,000 customers worldwide rely on the sophisticated protection mechanisms at enterprise level,


 
