WatchGuard Threat Lab Report Reveals Emerging Browser-Based Social Engineering Trends

Last Updated on: 22nd November 2023, 12:37 pm

WatchGuard® Technologies, a leading global cybersecurity company, has released its latest Internet Security Report, highlighting the key trends in malware and network and endpoint security threats identified by the WatchGuard Threat Lab researchers in the first quarter of 2023. The report unveils significant findings, including the emergence of browser-based social engineering strategies employed by phishers, the presence of new malware linked to nation states, a surge in zero-day malware, an increase in living-off-the-land attacks, and more. The report also features a dedicated section for the Threat Lab team’s quarterly ransomware tracking and analysis.

According to Corey Nachreiner, Chief Security Officer at WatchGuard, organisations need to remain vigilant and actively focus on the security solutions and strategies they rely on to defend against increasingly sophisticated threats. The report emphasises the importance of layered malware defenses to counter living-off-the-land attacks, which can be achieved effectively through a unified security platform managed by dedicated service providers.

One notable finding from the Q1 2023 report is the shift in social engineering tactics, with attackers leveraging browser notifications as an alternative to pop-up abuse. Additionally, the report highlights that three out of the four new threats on the top-ten malware list originated from China and Russia, although this does not necessarily imply state-sponsored activity. The persistence of attacks targeting Office products and the discontinued Microsoft ISA Firewall is another significant observation.

The rise of living-off-the-land attacks is also highlighted, exemplified by the ViperSoftX malware, which exploits built-in operating system tools to achieve its objectives. Furthermore, the report underscores the need for endpoint protection capable of distinguishing between legitimate and malicious use of popular tools like PowerShell. It emphasises the importance of including non-Windows machines, such as Linux-based systems, when implementing Endpoint Detection and Response (EDR) solutions.

The report reveals that the majority of detections (70%) in Q1 were attributed to zero-day malware over unencrypted web traffic, with an alarming 93% of detections occurring over encrypted web traffic. It emphasises the need for robust host-based defenses like WatchGuard EPDR to protect IoT devices, misconfigured servers, and other vulnerable devices.

In terms of ransomware, the report highlights a high number of published victims and the discovery of 51 new ransomware variants in Q1 2023. The Threat Lab continues to track and analyse ransomware trends, particularly focusing on well-known organisations and Fortune 500 companies.

The data analysed in this quarterly report is based on anonymised and aggregated threat intelligence from active WatchGuard network and endpoint products. WatchGuard’s Unified Security Platform approach and the updated methodology for data analysis further enhance the report’s insights.

To access the complete Q1 2023 Internet Security Report, including additional details, recommended security strategies, and critical defense tips, click here.

https://watchguard.widen.net/s/mlr6zrzhhg/infographic_threat_report_q1_2023 – Infographic
