Security report Q1/23: New malware often from Russia and China 


Cyber attackers are constantly coming up with new attack methods. The security report for the first quarter of 2023 not only shows new traps, but also demonstrates that three of the four newcomers on the top 10 malware list come from Russia and China.

According to WatchGuard's Internet Security Report, attackers are now discovering new ways to trick users surfing the Internet. After web browsers have recently upgraded their protection mechanisms against pop-up abuse, cybercriminals are now focusing on the still relatively new browser notification options.

Malware trends for Q1/2023

As the analysis of malware trends and attempted attacks on networks and end devices for the first quarter of 2023 shows, the permission prompts for such browser notifications are being abused with increasing frequency. The main aim is to trick users into installing malicious software or subscribing to anti-malware services with excessive fees. In addition, SEO poisoning, a technique that has long been old hat, is making a comeback. In this type of attack, cybercriminals build SEO-optimized websites that rank as high as possible in search results for currently trending search terms and entice the searcher to click. Not infrequently, malware is waiting at the destination and is delivered via drive-by download.

Businesses need constant attention

"In any case, companies are well advised to consistently and actively pay attention to the existing solutions and strategies for protecting their own organization," concludes Corey Nachreiner, Chief Security Officer at WatchGuard. "Consistent with the threat posed by living-off-the-land attacks and other sophisticated threats, the importance of layered malware defenses is extremely high. Platforms that uniformly bring together comprehensive IT security functionality and are managed by professional managed security service providers provide a reliable foundation for this."

Key findings from the WatchGuard Internet Security Report Q1/2023

Actors from China and Russia are behind 75 percent of the threats newly appearing in the top malware ranking

Three of the four newcomers to WatchGuard's top ten malware list have close national ties, but that does not necessarily mean the cybercriminals behind them are actually government-sponsored. A specific example is the Zuzy malware family, which made its debut in the top 10 malware list. One variant, for example, targets the Chinese population with adware and attempts to install a compromised browser that hijacks the system's Windows settings to make itself the new default browser.

Ongoing attacks on Office products and the discontinued Microsoft ISA Firewall

The most widespread attack scenarios are still document-based attacks on Office products. On the network side, the WatchGuard Threat Lab also recorded numerous hits from exploits against the outdated Microsoft firewall "Internet Security and Acceleration (ISA) Server". This is surprising given that Microsoft discontinued the product long ago and no longer supports or updates it, which makes it all the more notable that attackers are still targeting it.

Living-off-the-land attacks are on the rise

The "ViperSoftX" variant discovered during DNS analysis is the latest example of malware that uses tools built into the operating system to achieve its goals. The repeated emergence of Microsoft Office and PowerShell-based malware underscores the importance of endpoint protection that is able to distinguish between legitimate and malicious use of popular tools like PowerShell.

New malware dropper targeting Linux-based systems

The emergence of a new Linux-targeted malware dropper proves once again that attackers are by no means targeting only Windows as the mainstay enterprise operating system. Linux and macOS users should never feel too safe. It is therefore essential, when introducing and using Endpoint Detection and Response (EDR) functionality, to ensure that all end devices are covered without exception, regardless of their operating system.

Zero-day malware accounts for the lion's share of the threats identified

In unencrypted web traffic, zero-day malware accounts for 70 percent of the total volume of security-relevant detections, and in encrypted traffic the figure is as high as 93 percent. The enormous risk that IoT devices, misconfigured servers or other devices will become a gateway for attackers is therefore more than obvious. Host-based security functionality (such as that offered by WatchGuard EPDR) provides a reliable remedy here.

New ransomware tracking


The new tracking, carried out for the first time during the analysis for the Internet Security Report Q1 2023, also provided important additional insights: the Threat Lab identified 51 new ransomware variants and, based on the corresponding announcements on the relevant extortion websites, counted a total of 852 companies newly added to the group of organizations affected by a ransomware attack. Sadly, the frequency of such announcements is steadily increasing, and the victims include a number of well-known companies and Fortune 500 corporations.

Framework data for analysis

WatchGuard's quarterly research reports are based, in accordance with the concept of the "Unified Security Platform", on the anonymized, aggregated data of all active WatchGuard solutions for network and endpoint protection whose owners have agreed to share their threat intelligence in support of the Threat Lab's research work. What is new this time compared to previous editions of the Internet Security Report is the way the results are evaluated, analyzed and presented.

From now on, results in the area of network security are no longer presented as total volumes, but as average values per device, based on the population of appliances considered. The reasons are discussed in more detail in the full report. It also contains numerous details on other malware and network trends from the first quarter of 2023, corresponding recommendations for security strategies, important defense tips for companies of all sizes and industries, and much more.

More at Watchguard.com

About WatchGuard

WatchGuard Technologies is one of the leading providers in the field of IT security. The extensive product portfolio ranges from highly developed UTM (Unified Threat Management) and next-generation firewall platforms to multifactor authentication and technologies for comprehensive WLAN protection and endpoint protection, as well as other specific products and intelligent services relating to IT security. More than 250,000 customers worldwide rely on the sophisticated enterprise-level protection mechanisms,
