SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
WatchGuard report reveals drastic surge in evasive malware
Mon, 1st Apr 2024

The latest Internet Security Report from WatchGuard Technologies reveals a drastic growth in evasive malware, a resurgence of "living-off-the-land" attacks, escalating cyberattack commoditisation, and a continued decline in ransomware, amid potential thwarting attempts by international law enforcement targeting ransomware extortion groups.

WatchGuard Technologies, one of the global front-runners in cybersecurity, derived these findings from its unified analysis of top malware trends, as well as threats to network and endpoint security. Most prominently, the data underscores a considerable surge in evasive malware, contributing to a significant rise in total malware. It also highlights the security risk posed by threat actors who exploit on-premises email servers as primary targets.

Corey Nachreiner, Chief Security Officer at WatchGuard, commented, “The latest research from the Threat Lab demonstrates that threat actors utilise diverse techniques while searching for vulnerabilities to exploit. This includes targeting older software and systems, stressing the urgency for organisations to adopt a defence-in-depth approach to counter such threats.”

Nachreiner continued, “Updating the systems and software that organisations depend on is a fundamental step in addressing these vulnerabilities. Furthermore, modern security platforms run by managed service providers can deliver the comprehensive, unified security that organisations require, enabling them to tackle the latest threats effectively.”

The Q4 2023 Internet Security Report found that evasive, basic, and encrypted malware all rose, producing an 80% increase in total malware compared to the previous quarter. TLS-delivered and zero-day malware instances also surged. Two new entrants to the top five most widespread malware variants, JS.Agent.USF and Trojan.GenericKD.67408266, both redirect users to malicious links and attempt to load DarkGate malware onto a victim’s computer.

Another significant finding is the resurgence of "living-off-the-land" techniques, with script-based threats increasing by 77% from Q3. Exchange server attacks related to the ProxyLogon, ProxyShell, and ProxyNotShell exploits accounted for four of the top five most widespread network exploits, indicating the need to reduce dependence on on-premises email servers for better security.

The ongoing trend of cyberattack commoditisation, especially towards "victim-as-a-service" offerings, saw Glupteba and GuLoader establish their presence as two of the most prolific variants during Q4. The former is particularly notorious due to its extensive global victim targeting and its multi-faceted malware-as-a-service (MaaS) capabilities.

In contrast, the report points to a 20% decrease in ransomware detections during the last three months of 2023. This decline suggests that international law enforcement actions against ransomware extortion groups are effectively disrupting their activities.

With data sourced from WatchGuard's active network and endpoint products, the report offers valuable insights into the latest cybersecurity threats and protection methods. This collaborative approach underscores WatchGuard’s commitment to a unified security platform and to its continuous efforts to combat the myriad of challenges in the ever-evolving threat landscape.