SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
WatchGuard report reveals decline in malware despite more campaigns
Thu, 5th Oct 2023

A recent Internet Security Report by WatchGuard Technologies, a global leader in unified cybersecurity, has unveiled some startling trends in the realm of cyber threats. The report, which analysed data from Q2 2023, highlights a decrease in endpoint malware volumes even as campaigns grow more expansive. It also points to a rise in double-extortion attacks and the continued exploitation of older software vulnerabilities by threat actors.

Corey Nachreiner, chief security officer at WatchGuard, emphasised the evolving nature of cyber threats. "The data analysed by our Threat Lab for our latest report reinforces how advanced malware attacks fluctuate in occurrence and multifaceted cyber threats continue to evolve, requiring constant vigilance and a layered security approach to combat them effectively," he said. Nachreiner added that there is "no single strategy that threat actors wield in their attacks" and organisations must employ a "unified security approach" for their best defence.

One of the most alarming findings is that 95% of malware now arrives over encrypted connections. This means that organisations not inspecting SSL/TLS traffic at their network perimeter are likely missing most malware. The report also found that zero-day malware dropped to an all-time low of 11% of total malware detections. However, the share of evasive detections increased to 66% when inspecting malware over encrypted connections.

In terms of endpoint malware, the volume has decreased by a slight 8% in Q2 compared to the previous quarter. Despite this, detections increased in volume by 22% and 21% when caught by 10 to 50 systems or 100 or more systems, respectively. "The increased detections among more machines indicate that widespread malware campaigns grew from Q1 to Q2 of 2023," the report stated.

Double-extortion attacks have seen a significant rise, increasing 72% quarter over quarter. This comes even as ransomware detections on endpoints declined by 21% quarter over quarter and 72% year over year. The Threat Lab also noted the emergence of 13 new extortion groups.

The report also highlighted the resurgence of Glupteba, a multi-faceted loader, botnet, information stealer, and crypto miner that targets victims indiscriminately worldwide. It accounted for 48% of the total detection volume in the Q2 Top 10 list of malware threats.

Threat actors are increasingly leveraging Windows living off-the-land binaries to deliver malware. Attacks that abused Windows OS tools like WMI and PSExec grew by 29%, accounting for 17% of all total volume. Meanwhile, browser-based exploits declined by 33% and account for just 3% of the total volume.

Older software vulnerabilities continue to be a popular target. For instance, one was a 2016 vulnerability associated with an open-source learning management system that was retired in 2018.

In researching malicious domains, the Threat Lab team found instances of compromised self-managed websites, such as WordPress blogs, and a domain-shortening service hosting malware or malware command and control framework.

The findings of this report underscore the need for organisations to remain vigilant and adopt a multi-layered approach to cybersecurity as the landscape of threats continues to evolve.