WatchGuard® Technologies, a leading global cybersecurity company, has released its latest Internet Security Report, revealing new trends in browser-based social engineering and highlighting the top malware threats analysed by WatchGuard Threat Lab researchers in Q1 2023. The report provides insights into the evolving threat landscape, including the rise of living-off-the-land attacks, new malware with potential nation-state ties, an increase in zero-day malware, and more. Additionally, this edition features a dedicated section focusing on quarterly ransomware tracking and analysis conducted by the Threat Lab team.
Key findings from the Q1 2023 Internet Security Report include:
- New browser-based social engineering trends: With web browsers implementing better protection against pop-up abuse, attackers have shifted their tactics to exploit browser notification features for similar types of interactions. The report also highlights a new destination involving SEO-poisoning activity among the top malicious domains list.
- Threat actors from China and Russia dominate the top threats: Three out of the four new threats on the top-ten malware list in Q1 2023 have strong connections to nation states. However, it is important to note that this does not necessarily mean the malicious actors are state-sponsored. For instance, the Zuzy malware family, appearing in the top-ten list for the first time, includes samples targeting China’s population with adware that compromises browsers.
- Persistence of attacks against Office products and EOL Microsoft ISA Firewall: Document-based threats targeting Office products continue to feature prominently in the most widespread malware list. The report also highlights the relatively high number of exploits targeting Microsoft’s now-discontinued Internet Security and Acceleration (ISA) Server, despite its lack of updates.
- Rise of living-off-the-land attacks: The analysis of ViperSoftX malware in the Q1 DNS study exemplifies the trend of malware leveraging built-in tools within operating systems to accomplish their objectives. The continued presence of Microsoft Office- and PowerShell-based malware emphasizes the need for endpoint protection capable of distinguishing between legitimate and malicious use of popular tools like PowerShell.
- Malware droppers targeting Linux-based systems: One of the notable detections in Q1 was a malware dropper designed for Linux-based systems, highlighting the importance of including non-Windows machines when deploying Endpoint Detection and Response (EDR) solutions to ensure comprehensive coverage.
- Majority of detections attributed to zero-day malware: In this quarter, 70% of detections originated from zero-day malware over unencrypted web traffic, with an astonishing 93% of detections associated with zero-day malware over encrypted web traffic. This underscores the significance of robust host-based defenses, such as WatchGuard EPDR, to protect against zero-day malware infecting IoT devices and misconfigured servers.
The report also offers new insights based on ransomware tracking data, including the identification of 852 victims published on extortion sites and the discovery of 51 new ransomware variants in Q1 2023.
WatchGuard stresses the importance of organisations proactively safeguarding their security infrastructure against sophisticated threats. Corey Nachreiner, Chief Security Officer at WatchGuard, recommends adopting layered malware defenses and partnering with dedicated managed service providers to combat living-off-the-land attacks effectively.
The Q1 2023 Internet Security Report is based on anonymised, aggregated threat intelligence from WatchGuard’s active network and endpoint products. The report provides recommended security strategies, critical defense tips, and detailed analysis of additional malware, network, and ransomware trends from Q1 2023.
For a comprehensive view of WatchGuard’s research and insights, read the complete Q1 2023 Internet Security Report here.
https://watchguard.widen.net/s/mlr6zrzhhg/infographic_threat_report_q1_2023 – Infographic
