Tag Archive for: WatchGuard

WatchGuard report reveals decline in malware despite more campaigns

/in


A recent Internet Security Report by WatchGuard Technologies, a global leader in unified cybersecurity, has unveiled some startling trends in the realm of cyber threats. The report, which analysed data from Q2 2023, highlights a decrease in endpoint malware volumes even as campaigns grow more expansive. It also points to a rise in double-extortion attacks and the continued exploitation of older software vulnerabilities by threat actors.

Corey Nachreiner, chief security officer at WatchGuard, emphasised the evolving nature of cyber threats. “The data analysed by our Threat Lab for our latest report reinforces how advanced malware attacks fluctuate in occurrence and multifaceted cyber threats continue to evolve, requiring constant vigilance and a layered security approach to combat them effectively,” he said. Nachreiner added that there is “no single strategy that threat actors wield in their attacks” and organisations must employ a “unified security approach” for their best defence.

One of the most alarming findings is that 95% of malware now arrives over encrypted connections. This means that organisations not inspecting SSL/TLS traffic at their network perimeter are likely missing most malware. The report also found that zero-day malware dropped to an all-time low of 11% of total malware detections. However, the share of evasive detections increased to 66% when inspecting malware over encrypted connections.

In terms of endpoint malware, the volume has decreased by a slight 8% in Q2 compared to the previous quarter. Despite this, detections increased in volume by 22% and 21% when caught by 10 to 50 systems or 100 or more systems, respectively. “The increased detections among more machines indicate that widespread malware campaigns grew from Q1 to Q2 of 2023,” the report stated.

Double-extortion attacks have seen a significant rise, increasing 72% quarter over quarter. This comes even as ransomware detections on endpoints declined by 21% quarter over quarter and 72% year over year. The Threat Lab also noted the emergence of 13 new extortion groups.

The report also highlighted the resurgence of Glupteba, a multi-faceted loader, botnet, information stealer, and…

Source…

WatchGuard Threat Lab Report Finds Endpoint Malware Volumes

/in


SEATTLE, Oct. 04, 2023 (GLOBE NEWSWIRE) — WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers. Key findings from the research include 95% of malware now arriving over encrypted connections, a decrease in endpoint malware volumes despite campaigns growing more widespread, ransomware detections on the decline amid a rise in double-extortion attacks, older software vulnerabilities persisting as popular targets for exploit among modern threat actors, and more. 

“The data analyzed by our Threat Lab for our latest report reinforces how advanced malware attacks fluctuate in occurrence and multifaceted cyber threats continue to evolve, requiring constant vigilance and a layered security approach to combat them effectively,” said Corey Nachreiner, chief security officer at WatchGuard. “There is no single strategy that threat actors wield in their attacks and certain threats often present varying levels of risk at different times of the year. Organizations must continually be on alert to monitor these threats and employ a unified security approach, which can be administered effectively by managed service providers, for their best defense.” 

Among the most notable findings, the latest Internet Security Report featuring data from Q2 2023 showed:

  • Ninety-five percent of malware hides behind encryption. Most malware lurks behind SSL/TLS encryption used by secured websites. Organizations that don’t inspect SSL/TLS traffic at the network perimeter are likely missing most malware. Furthermore, zero day malware dropped to 11% of total malware detections, an all-time low. However, when inspecting malware over encrypted connections, the share of evasive detections increased to 66%, indicating attackers continue to deliver sophisticated malware primarily via encryption. 
  • Total endpoint malware volume is down slightly, though widespread malware campaigns increased.There was a slight 8% decrease in endpoint malware detections in Q2 compared to the previous…

Source…

Top Most used firewalls for Network security | Best Firewalls world wide

/in



Annual Ransomware Detection Count expected to be the highest this year, WatchGuard Threat Lab report reveals / Digital Information World

/in


As per the WatchGuard Threat Lab’s most-recent quarterly Internet Security Report, the number of Ransomware detected in Q1 2022 was double that of the number recorded across the entire 2021.

Additionally, the study reveals that EMEA still happens to be a safe spot for malware risks. It was also found out that WatchGuard Fireboxes in EMEA were impacted more than those in America and Asia-Pacific.

The chief security officer at WatchGuard, Corey Nachreiner stated that 2022 is on its way to becoming the year with the most annual ransomware detections. He advised companies to opt for a “true unified security approach” that is advanced enough to tackle the evolving attacks.

The research also included some other intriguing revelations such as:

#1 Log4Shell makes its presence felt

The public first got to hear about Log4Shell right before the end of 2021. Fast forward to this quarter, it has already popped up on the top 10 network attack list. Furthermore, WatchGuard’s last report emphasized on Log4Shell as the top security event. It attained a full-on 10.0 on CVSS, making it an extremely critical vulnerability, thanks to the fact that it’s commonly used in Java applications.

#2 Emotet is here to stay

Ever since making a comeback in Q4 2021, Emotet has gone on to secure three slots in the top 10 detections and top widespread malware. The threats related to it are Trojan.Vita, Trojan.Valyria, and MSIL.Mesna.4. Threat Lab suggests that Emotet downloads and installs the file after retrieving it from a malware delivery server.

#3 PowerShell scripts contribute to rising endpoint attacks

The findings for Q1 2022 show a year-over-year increase of 38% in endpoint detections. Almost nine out of every 10 such detections (88% to be precise) were thanks to scripts. Digging deep into the scripts led to the discovery that 99.6% of these were PowerShell ones. This indicates that cybercriminals have been putting extra focus on utilizing credible tools for executing fileless and LotL attacks.

#4 Unauthentic activity coupled with authentic crypto mining operations

Popular mining pool, Nanopool became a hot topic of the study in question. Nanopool domains are perceived as credible domains linked…

Source…