WatchGuard's Latest Report Reveals Alarming Trends in Malware and Ransomware

WatchGuard Technologies, a leader in unified cybersecurity, has released its latest Internet Security Report, presenting key findings on malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers. The report underscores the evolving nature of advanced cyber threats and the need for a layered, multifaceted security approach.

Corey Nachreiner, Chief Security Officer at WatchGuard, emphasized, "The data analyzed by our Threat Lab for our latest report reinforces how advanced malware attacks fluctuate in occurrence and multifaceted cyber threats continue to evolve, requiring constant vigilance and a layered security approach to combat them effectively."

The report's highlights from Q2 2023 include:

  1. Encryption as a Malware Haven: A staggering 95% of malware conceals itself within encrypted connections, primarily SSL/TLS encryption utilized by secured websites. Organizations failing to inspect SSL/TLS traffic at the network perimeter risk overlooking a significant portion of malware. Furthermore, while zero-day malware reached an all-time low at 11%, the share of evasive detections surged to 66%, indicating that attackers predominantly employ encryption to deliver sophisticated malware.

  2. Endpoint Malware Landscape: The total volume of endpoint malware detections dipped slightly in Q2, but widespread malware campaigns surged. Detections affecting 10-50 systems rose by 22%, and detections affecting 100 or more systems rose by 21%, signaling the expansion of widespread campaigns.

  3. Double-Extortion on the Rise: Double-extortion attacks orchestrated by ransomware groups skyrocketed by 72% quarter over quarter, accompanied by the emergence of 13 new extortion groups. Remarkably, this surge coincided with a 21% quarter-over-quarter decrease in ransomware detections on endpoints.

  4. New Malware Variants: The Top 10 endpoint detections saw the emergence of six new malware variants, with the compromised 3CX installer accounting for a significant portion of the detection volume.

  5. Windows Living Off-the-Land: Threat actors increasingly employ Windows living-off-the-land binaries to deploy malware. Attacks leveraging built-in Windows tools such as WMI and PsExec grew by 29%, constituting 17% of the total volume, while script-based malware dropped by 41%. Scripts nonetheless remained the most common malware delivery vector.

  6. Targeting Older Software Vulnerabilities: Cybercriminals persisted in targeting older software vulnerabilities. The report identified three new signatures in the Top 10 network attacks for Q2 based on older vulnerabilities, including a 2016 vulnerability associated with an open-source learning management system.

  7. Compromised Domains: Researchers uncovered instances of compromised domains, including self-managed websites like WordPress blogs and a domain-shortening service utilized for hosting malware or command and control infrastructure.

This comprehensive report reflects WatchGuard's commitment to enhancing cybersecurity through its Unified Security Platform and ongoing research efforts. The insights gathered from anonymized, aggregated threat intelligence underscore the dynamic nature of cyber threats, emphasizing the necessity for robust security measures and continuous monitoring.
