The quarterly Internet Security Report from WatchGuard Technologies highlights top malware trends and network security threats for Q3 2021. The data indicates that while total perimeter malware detection volume decreased from the highs reached in the previous quarter, endpoint malware detections have already surpassed the total volume seen in 2020 (with Q4 2021 data yet to be reported). In addition, a significant percentage of malware continues to arrive over encrypted connections, continuing the trend from previous quarters.

Among its most notable findings, WatchGuard’s Q3 2021 Internet Security Report reveals:

Nearly half of zero-day malware is now delivered via encrypted connections

While the total amount of zero-day malware increased by a modest 3% to 67.2% in Q3, the percentage of malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. A lower percentage of encrypted zero-days are considered advanced, but it is still concerning given that WatchGuard’s data shows that many organizations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks. 

Overall network attack detections resumed a more normal trajectory, but still pose significant risks

After consecutive quarters of more than 20% growth, WatchGuard’s Intrusion Prevention Service (IPS) detected roughly 4.1 million unique network exploits in Q3. The drop of 21% brought volumes down to Q1 levels, which were still high compared to the previous year. The shift doesn’t necessarily mean adversaries are letting up, as they are possibly shifting their focus towards more targeted attacks.

Ransomware, Ransomware, Ransomware

After a steep decline in 2020, ransomware attacks reached 105% of 2020 volume by the end of September (as WatchGuard predicted at the end of the prior quarter) and are on pace to reach 150% once the full year of 2021 data is analyzed. Ransomware-as-a-service operations such as REvil and GandCrap continue to lower the bar for criminals with little or no coding skills, providing the infrastructure and the malware payloads to carry out attacks globally in return for a percentage of the ransom.

The full report includes details on additional malware and network trends from Q3 2021, an even deeper dive into threats detected at the endpoint during the first half of 2021, recommended security strategies and critical defense tips for enterprise organizations.