SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Rising ransomware attacks exploit remote access software, warns WatchGuard report
Fri, 8th Dec 2023

New research from WatchGuard Technologies, a global player in unified cybersecurity, has revealed a significant spike in endpoint ransomware attacks as well as an alarming trend of cyber attackers exploiting remote access software.

The Internet Security Report provides insights into the latest malware trends and endpoint security threats, shedding light on the increasingly sophisticated tactics adopted by cybercriminals.

The research revealed an 89% rise in endpoint ransomware attacks and a decrease in malware delivered through encrypted connections. WatchGuard also observed an increase in abuse of remote access software, an exploitation strategy actively embraced by cyber adversaries.

Cyber criminals are also exploiting password-stealers and info-stealers to pilfer priceless credentials, and are increasingly pivoting from scripting to other living-off-the-land techniques to instigate endpoint attacks.

Discussing the consequeces, Corey Nachreiner, Chief Security Officer at WatchGuard, stated, “Threat actors continuously evolve their tools and methods in attack campaigns, making it crucial for organisations to stay updated on the latest tactics to bolster their security strategy.”

He added that end users often represent the last defence line against sophisticated attacks that employ social engineering tactics. Nachreiner emphasised that it was paramount for organisations to deliver social engineering education and adopt a unified security approach that provides multiple layers of defence.

Among the key findings, the report detailed how cyber attackers are increasingly leveraging remote management tools to dodge anti-malware detection, confirmed by both the FBI and CISA.

Notably, there was a surge in the Medusa ransomware variant in Q3, driving endpoint ransomware attacks up by 89%. The report also highlighted a noticeable decline in attacks employing scripted methods, with script-based attacks dropping by 11% in Q3 and by 41% in Q2.

However, in spite of the reduction, script-based attacks still represent the largest attack vector, making up 56% of total attacks. Cyber attackers are also resorting to Windows living-off-the-land binaries more frequently, as these attacks saw a 32% increase.

Another trend noted was a drop in malware arriving through encrypted connections to 48%, indicating a considerable decline from previous quarters. In contrast, total malware detections increased by 14%.

The report additionally highlighted an increase in commodity malware, such as the new Lazy.360502 malware family that made the top 10 list. Lazy.360502 delivers the 2345explorer adware variant along with the Vidar password stealer.

It operates like a “password stealer as a service,” where cyber criminals can pay for stolen credentials. The malware is linked to a Chinese website that provides a credential stealer as a service, demonstrating the commoditisation of malware.

All these findings underscore the importance of a unified approach to security, one that emphasises multiple layers of defense and continuous education on novel attack techniques, WatchGuard states.