WatchGuard reveals new malware trends in Q2 2024 report
WatchGuard Technologies has released its latest Internet Security Report for the second quarter of 2024, highlighting significant changes in malware threats observed by the company's Threat Lab.
The report revealed that seven of the top ten malware threats by volume were new to the list this quarter. This shift indicates a pivot by threat actors towards new tools and techniques, including Lumma Stealer, which is designed to exfiltrate sensitive data from compromised systems. Other notable threats were a variant of the Mirai Botnet, which infects smart devices and co-opts them into a bot network, and LokiBot malware, which targets credential information on Windows and Android devices.
The Threat Lab also identified that threat actors are employing a new tactic called "EtherHiding," which involves embedding malicious PowerShell scripts within blockchains such as Binance Smart Contracts. This method displays fake error messages on compromised websites that direct victims to "update their browser," where the supposed update link actually retrieves the malicious script. Corey Nachreiner, Chief Security Officer at WatchGuard Technologies, commented, "The latest findings in the Q2 2024 Internet Security Report reflect how threat actors tend to fall into patterns of behaviour, with certain attack techniques becoming trendy and dominant in waves." He further emphasised the importance of regular software updates and system patching, as part of a defence-in-depth approach, to close security gaps and prevent the exploitation of older vulnerabilities.
The report also noted a 24% decrease in overall malware detections, primarily due to a 35% fall in signature-based detections. However, more evasive malware rose sharply, with the Threat Lab's behavioural engine identifying a 168% increase in such detections quarter-over-quarter. Network attacks surged by 33% from the first quarter, with the Asia Pacific region alone accounting for 56% of all network attack detections, more than doubling since the prior quarter.
Among network vulnerabilities, an NGINX security flaw first detected in 2019 emerged as the top network attack by volume during the quarter. It accounted for about 29% of total network attack detections, or approximately 724,000 detections, across regions including the US, EMEA, and APAC. The Fuzzbunch hacking toolkit, known for originating in a hack of an NSA contractor, was the second-highest endpoint malware threat by volume. It primarily targeted Windows operating systems.
The report highlighted that 74% of all browser-initiated endpoint malware attacks targeted Chromium-based browsers like Google Chrome, Microsoft Edge, and Brave. The fourth most widespread malware variant detected was a signature known as trojan.html.hidden.1.gen, mainly associated with phishing campaigns designed to collect browser-based credentials and forward them to servers controlled by attackers. The Threat Lab documented a sample targeting students and faculty at Valdosta State University in Georgia.
The findings from this report are based on anonymised, aggregated threat intelligence from WatchGuard's active network and endpoint products. The report reinforces the ongoing evolution of cyber threats and the need for comprehensive security strategies to protect networks and individual systems from emerging threats.