Endpoint Malware Volumes Decline as Campaigns Push Boundaries: WatchGuard Threat Lab Report

WatchGuard Technologies Releases Internet Security Report Highlighting Key Threat Trends

Overview

WatchGuard Technologies, a global leader in unified cybersecurity, has recently published its latest Internet Security Report, which provides insights into the top malware trends and network and endpoint security threats. The report, based on research conducted by WatchGuard Threat Lab researchers, reveals several important findings, including the increasing prevalence of malware arriving over encrypted connections, the decline in endpoint malware volumes despite growing campaigns, the rise of double-extortion attacks in ransomware, the persistent exploitation of older software vulnerabilities, and more.

In light of these findings, Corey Nachreiner, Chief Security Officer at WatchGuard, emphasizes the need for constant vigilance and a layered security approach to combat evolving cyber threats effectively. He also underscores the importance of organizations partnering with managed service providers to administer a unified security approach for the best defense.

Malware and Encrypted Connections

The report highlights that an alarming 95% of malware now hides behind encryption, primarily using SSL/TLS protocols on secured websites. This rising trend poses a significant challenge for organizations that do not inspect SSL/TLS traffic at the network perimeter, as they may be missing most malware. Additionally, when analyzing malware over encrypted connections, the share of evasive detections increased to 66%, indicating that attackers are increasingly delivering sophisticated malware through encryption.

Endpoint Malware Volumes and Campaigns

While there was a slight overall decrease of 8% in endpoint malware detections in Q2 compared to the previous quarter, the report reveals a contrasting increase in the volume of detections among a larger number of systems. Endpoint malware detections caught by 10 to 50 systems increased by 22%, and detections by 100 or more systems rose by 21%. These findings suggest that widespread malware campaigns grew during Q2 of 2023.

Double-Extortion Attacks and Ransomware

Double-extortion attacks, where ransomware groups threaten to expose stolen data alongside encrypting victims’ systems, increased by 72% quarter over quarter. The report identifies the emergence of 13 new extortion groups contributing to this rise. Interestingly, this increase in double-extortion attacks coincided with a decline of 21% in ransomware detections on endpoints quarter over quarter and 72% year over year. This trend indicates a shift in tactics by ransomware actors.

New Malware Variants and Attack Vectors

The report highlights the presence of six new malware variants in the Top 10 endpoint detections. One notable variant is the compromised 3CX installer, which accounted for 48% of the total detection volume in the Q2 Top 10 list of malware threats. Additionally, the multi-faceted Glupteba malware, which targets victims worldwide, experienced a resurgence after disruptions in 2021. The report also reveals changes in attack vectors, with threat actors increasingly leveraging built-in Windows tools such as WMI and PsExec for endpoint access. Meanwhile, the use of scripting languages like PowerShell decreased in volume by 41%, although scripts remained the most common vector for malware delivery.

Exploitation of Older Software Vulnerabilities

The report emphasizes that cybercriminals continue to target older software vulnerabilities that remain unpatched or unaddressed. Threat Lab researchers identified three new signatures in the Top 10 network attacks for Q2 that exploit older vulnerabilities. These include a vulnerability associated with a retired open-source learning management system, an integer overflow signature in PHP, and a buffer overflow in HP OpenView Network Node Manager. The persistence of these attacks highlights the importance of regularly updating and patching software to mitigate risk.

Compromised Domains and Command and Control Infrastructure

According to the report, threat actors have compromised various self-managed websites, such as WordPress blogs, and a domain-shortening service to host malware or malware command and control frameworks. Notably, a website dedicated to an educational contest in the Asia Pacific region was compromised by Qakbot threat actors to serve as command and control infrastructure for their botnet. This highlights the need for organizations to regularly monitor and secure their online platforms to prevent unauthorized access.

Recommendations for Organizations

Implement SSL/TLS Inspection

Given that the majority of malware hides behind encrypted connections, organizations should ensure they have SSL/TLS inspection mechanisms in place at their network perimeter. By inspecting encrypted traffic for malware, organizations can significantly enhance their ability to detect and mitigate threats that may otherwise go unnoticed.

Adopt a Layered Security Approach

The evolving nature of cyber threats necessitates the adoption of a layered security approach. Organizations should implement multiple security measures, including endpoint protection, network security, multi-factor authentication, and secure Wi-Fi. By using a combination of these security tools and technologies, organizations can better defend against the increasingly sophisticated tactics employed by threat actors.

Maintain Patching and Software Updates

The persistent exploitation of older software vulnerabilities underscores the importance of regular patching and software updates. Organizations should prioritize the timely installation of security patches and updates provided by software vendors. By addressing known vulnerabilities, organizations can significantly reduce their exposure to cyber attacks.

Monitor and Secure Online Platforms

Organizations that maintain self-managed websites, such as WordPress blogs, should regularly monitor and secure their platforms to prevent compromise. This includes implementing strong passwords, regularly updating plugins and themes, and utilizing security plugins to detect and mitigate potential threats. Additionally, organizations should be vigilant in monitoring their domains and online presence to identify any unauthorized access or misuse.

Conclusion

The findings of WatchGuard Technologies’ Internet Security Report highlight the evolving landscape of cyber threats, with malware increasingly hiding behind encrypted connections and threat actors adopting sophisticated tactics. Organizations must remain vigilant, implement robust security measures, and stay up to date with the latest threat intelligence to combat these threats effectively. By adopting SSL/TLS inspection and a layered security approach, maintaining patching and updates, and monitoring and securing their online platforms, organizations can strengthen their defenses and mitigate the risks posed by today’s cyber landscape.
