top of page

WatchGuard Technologies Report: Surge in Evasive Malware

WatchGuard Technologies has announced the findings of its latest Internet Security Report, revealing a significant increase in evasive malware, targeted attacks on on-premises email servers, and a continued decline in ransomware detections. The report is based on data analyzed by WatchGuard Threat Lab researchers, focusing on the top malware trends and network and endpoint security threats observed in the fourth quarter of 2023.

Corey Nachreiner, Chief Security Officer at WatchGuard, emphasized the importance of adopting a defense-in-depth approach to protect against evolving threats. "Threat actors are employing various techniques as they look for vulnerabilities to target, including in older software and systems," said Nachreiner. "Updating the systems and software on which organizations rely is a vital step toward addressing these vulnerabilities. Additionally, modern security platforms that are operated by managed service providers can deliver the comprehensive, unified security that organizations need and enable them to combat the latest threats."

Key findings from the Q4 2023 Internet Security Report include:

  • A dramatic increase in evasive, basic, and encrypted malware, with average malware detections per Firebox rising by 80% from the previous quarter. The majority of the increased malware instances affected the Americas and Asia-Pacific regions.

  • A rise in TLS and zero-day malware instances, with approximately 55% of malware arriving over encrypted connections. Zero-day malware detections jumped to 60% of all malware detections, up from 22% in the previous quarter.

  • Two of the top five malware variants, JS.Agent.USF and Trojan.GenericKD.67408266, were found to redirect users to malicious links and attempt to load DarkGate malware on the victim's computer.

  • A resurgence in script-based threats, with threats detected increasing by 77% from Q3. PowerShell emerged as the top attack vector used by hackers on endpoints, and browser-based exploits also saw a significant increase.

  • Four of the top five most widespread network attacks were associated with Exchange server exploits, including ProxyLogon, ProxyShell, and ProxyNotShell. This highlights the need to reduce reliance on on-premises email servers to mitigate security threats.

  • The commoditization of cyberattacks continues, with a trend toward "victim-as-a-service" offerings. Glupteba and GuLoader were among the top 10 most prevalent endpoint malware in Q4, with Glupteba being noted for its sophisticated capabilities, including masquerading as a botnet and mining cryptocurrency.

  • A decline in ransomware detections, with a 20% decrease in overall volume for the last three months of 2023. This trend is attributed to law enforcement's ongoing efforts to take down ransomware extortion groups.

The data analyzed in the report is based on anonymized, aggregated threat intelligence from active WatchGuard network and endpoint products whose owners have opted to share in support of WatchGuard's research efforts. The findings highlight the importance of remaining vigilant and adopting comprehensive security measures to protect against the evolving landscape of cyber threats.


bottom of page