WatchGuard Technologies released findings of its latest Internet Security Report, which details the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers. Key findings from the data show increasing abuse of remote access software, a rise in cyber adversaries using password-stealers and info-stealers to steal valuable credentials, and threat actors shifting from scripting to other living-off-the-land techniques to initiate endpoint attacks.

Key report highlights

  • Threat actors increasingly use remote management tools and software to evade anti-malware detection, a trend that both the FBI and CISA have acknowledged.
  • On the surface, endpoint ransomware detections appeared down in Q3. Yet the Medusa ransomware variant, which emerged in the Top 10 malware threats for the first time, was detected with a generic signature from the automated signature engine. When factoring in the Medusa detections, ransomware attacks rose 89% quarter over quarter.
  • Malicious scripts declined as an attack vector by 11% in Q3 after dropping by 41% in Q2. Still, script-based attacks remain the largest attack vector, accounting for 56% of total attacks.
  • Malware arriving over encrypted connections declined to 48%, meaning just under half of all malware detected came via encrypted traffic. This figure is notable because it is down from previous quarters. Overall, total malware detections increased by 14%.
  • An email-based dropper family that delivers malicious payloads comprised four of the Top 5 encrypted malware detections in Q3. All but one of the variants in the Top 5 contained the dropper family named Stacked, which arrives as an email attachment in a spear-phishing attempt.
  • Network attacks saw a 16% increase in Q3. ProxyLogon was the number-one vulnerability targeted in network attacks, accounting for 10% of all network detections.