WatchGuard Threat Lab Report Uncovers New Browser-Based Social Engineering Trends

WatchGuard® Technologies, a leading global cybersecurity company, has released its 2023 Internet Security Report, which highlights the latest trends in malware and network and endpoint security threats. The report, based on analysis by WatchGuard Threat Lab researchers, reveals key findings, including the emergence of browser-based social engineering strategies, the prevalence of new malware associated with nation states, the rise of living-off-the-land attacks, and more. This edition of the report also introduces a dedicated section for quarterly ransomware tracking and analysis.

One notable discovery in the Q1 2023 Internet Security Report is the shift in social engineering tactics, with attackers now leveraging browser notifications as an alternative to traditional pop-up abuse. Additionally, the report identifies a new destination engaging in SEO-poisoning activity among the top malicious domains.

The research also highlights that three out of the four new malware threats on the top-ten list originated from China and Russia. While these threats have ties to nation states, that does not necessarily imply state sponsorship. For example, the report mentions the Zuzy malware family, which appears on the top-ten list for the first time. One variant of Zuzy targets China’s population with adware, compromising the browser and Windows settings.

Furthermore, the report reveals persistent attacks on Office products and the now-discontinued Microsoft ISA Firewall. Document-based threats against Office products continue to feature prominently in the most widespread malware list. The researchers also observed a significant number of exploits targeting the obsolete ISA Server, a surprising focus on an outdated firewall.

Living-off-the-land attacks, where malware leverages built-in tools within operating systems, are also on the rise. The report highlights the ViperSoftX malware, which utilises operating system tools to achieve its objectives. This emphasises the need for robust endpoint protection that can differentiate between legitimate and malicious use of popular tools like PowerShell.

The research identifies a malware dropper specifically targeting Linux-based systems, underscoring the importance of not overlooking non-Windows machines when implementing Endpoint Detection and Response (EDR) solutions.

Zero-day malware remains a significant concern, accounting for the majority of detections. In this quarter, 70% of detections originated from zero-day malware over unencrypted web traffic, while 93% of detections were from zero-day malware over encrypted web traffic. This highlights the need for strong host-based defenses like WatchGuard EPDR to protect against these threats.

The report also provides new insights based on ransomware tracking data. In Q1 2023, the Threat Lab recorded 852 victims published on extortion sites and identified 51 new ransomware variants. Notably, some of the victims were well-known organizations and Fortune 500 companies.

WatchGuard emphasizes the importance of maintaining layered malware defenses and encourages businesses to pay active attention to their security solutions. The report recommends unified security platforms and managed service providers to combat living-off-the-land attacks effectively.

The Q1 2023 Internet Security Report offers comprehensive analysis, recommended security strategies, and critical defense tips for businesses of all sizes and sectors. The report can be accessed in its entirety for more detail.

https://watchguard.widen.net/s/mlr6zrzhhg/infographic_threat_report_q1_2023 – Infographic 
