A new report shows a decline in network-detected malware but endpoint ransomware increased 627%, and malware associated with phishing campaigns continues to be a constant threat.

WatchGuard Technologies released findings from its most recent Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers in Q4 2022.

Despite seeing an overall decline in malware, analysis from researchers looking at Fireboxes that decrypt HTTPS (TLS/SSL) traffic found a higher incidence of malware, indicating malware activity has shifted to encrypted traffic. Since just about 20% of Fireboxes that provide data for this report have decryption enabled, this indicates that the vast majority of malware is going undetected.

Other key highlights from the report included:

• Endpoint ransomware detections rose 627%.
• 93% of malware hides behind encryption.
• Network-based malware detections dropped approximately 9.2% percent quarter over quarter during Q4.
• Endpoint malware detections increased 22%. Among the leading attack vectors, most detections were associated with Scripts, which constituted 90% of all detections. In browser malware detections, threat actors targeted Internet Explorer the most with 42% of the detections, followed by Firefox with 38%.
• Zero day or evasive malware has dropped to 43% in unencrypted traffic.
• Phishing campaigns have increased. Phishing and business email compromise (BEC) remains one of the top attack vectors, so make sure you have both the right preventative defenses and security awareness training programs to defend against it.
• ProxyLogin exploits continue to grow. An exploit for this well-known, critical Exchange issue rose from eighth place in Q3 to fourth place last quarter.