Report: More Email Server Attacks and Evasive Malware


WatchGuard Internet Security Report documents a dramatic increase in so-called “evasive malware,” contributing to a significant increase in overall malware volume. Also noticeable are increased attacks on email servers. 

WatchGuard Technologies has published its latest Internet Security Report, in which experts from the WatchGuard Threat Lab highlight the most important malware trends and threats to network and endpoint security. The findings show a dramatic increase in so-called “evasive malware,” contributing to a significant increase in overall malware volume. Increased attacks on email servers are also noticeable. In addition, the results indicate a decline in ransomware, likely a result of international authorities' hunt for ransomware extortionists.

Always looking for weak points

“The latest research from the Threat Lab shows that threat actors use different techniques to find vulnerabilities, especially in older software and systems. It is therefore critical for organizations to adopt a defense-in-depth strategy to protect themselves from such threats,” said Corey Nachreiner, Chief Security Officer at WatchGuard. “Updating business-critical systems and applications is an important step in eliminating vulnerabilities. In addition, modern security platforms operated by managed service providers provide comprehensive security and enable the fight against the latest threats.”

Key findings of the current Internet Security Report Q4/2023

Malware volume increased overall in the fourth quarter

The average number of malware detections per WatchGuard Firebox increased by 80 percent compared to the previous quarter, which amounts to a substantial total volume of malware threats arriving at the network perimeter. The Americas and Asia/Pacific regions were particularly affected by the increase in malware.

TLS and zero-day malware also on the rise

Around 55 percent of malware arrived via encrypted connections, seven percent more than in the third quarter of 2023. The proportion of zero-day malware tripled from 22 percent in the same quarter last year to 60 percent. Particularly striking in this context is that the share of zero-day malware threats detected over TLS fell to 61 percent, a decrease of ten percent compared to the third quarter, which shows the unpredictability of malware.

Two of the top 5 malware variants lead to the DarkGate network

“JS.Agent.USF” and “Trojan.GenericKD.67408266” were among the top five most widespread malware variants. Both redirect users to malicious links and attempt to load DarkGate malware onto the victim's computer.

Increase in living-off-the-land attacks

The fourth quarter showed a resurgence in script-based threats, whose number increased by 77 percent compared to the third quarter. According to the Threat Lab, PowerShell was the dominant attack vector on endpoints. Browser-based exploits also rose significantly, by 56 percent.

Four of the top five network attacks were Exchange server attacks

These threats specifically relate to the ProxyLogon, ProxyShell and ProxyNotShell exploits. A ProxyLogon signature that first entered the top five most widespread attacks (in fourth place) in the fourth quarter of 2022 has now risen to second place among network attacks. These threats highlight the need to reduce reliance on on-premises email servers to mitigate security risks.

Commercialization of cyberattacks continues with victim-as-a-service offerings

Glupteba and GuLoader were again among the top ten endpoint malware variants in the fourth quarter. Glupteba is a particularly dangerous and sophisticated piece of malware, partly because it attacks victims on a global scale. Glupteba is a multi-faceted malware-as-a-service (MaaS) that, among other things, downloads additional malware, disguises itself as a botnet, steals confidential data and secretly mines cryptocurrencies.

Takedown measures reduce ransomware attacks

In the fourth quarter, the Threat Lab reported a 20 percent decrease in ransomware compared to the previous quarter. WatchGuard analysts also noted a decline in public ransomware attacks. The likely reason is the authorities' measures against ransomware extortionists.

All findings are based on the concept of the “WatchGuard Unified Security Platform” and, as in previous quarterly evaluations, on anonymized, aggregated data from all active WatchGuard network and endpoint protection solutions whose owners have agreed to share threat intelligence to support Threat Lab research.

More at WatchGuard.com

 


About WatchGuard

WatchGuard Technologies is one of the leading providers in the field of IT security. The extensive product portfolio ranges from highly developed UTM (Unified Threat Management) and next-generation firewall platforms to multifactor authentication and technologies for comprehensive WLAN protection and endpoint protection, as well as other specific products and intelligent services relating to IT security. More than 250,000 customers worldwide rely on the sophisticated protection mechanisms at enterprise level,
