
Endpoint ransomware attacks rise as network malware falls

WatchGuard Technologies has published its Internet Security Report for the fourth quarter of 2022. According to the malware and network security trends it records, endpoint ransomware detections increased by no less than 627%, while malware tied to phishing campaigns remains a persistent threat.

The researchers who produced the report found that Fireboxes configured to decrypt HTTPS traffic detected considerably more malware than those that were not, which indicates that malware activity has shifted into encrypted traffic. Since only about 20% of the Fireboxes that submitted data for the report have HTTPS decryption enabled, most of that malware passes the majority of appliances unseen.

On Fireboxes with decryption enabled, 93% of the malware seen arrived over encrypted connections, most of it hidden inside the SSL/TLS encryption used by HTTPS websites. Network-based malware detections were down 9.2% in the last quarter of 2022 compared to the previous quarter, but once encrypted web traffic is taken into account, malware volume rises. Endpoint malware detections increased by 22%, which reinforces the conclusion that malware has moved to encrypted channels. The report also estimates that 70% of the malware seen on encrypted connections evades signature-based detection.

Among the main attack vectors, the majority of detections were associated with scripts (90% of cases). For browser-based malware detections, threat actors focused most on Internet Explorer, which accounted for 42% of detections, followed by Firefox with 38%.

The report also notes that phishing campaigns have increased: three of the top ten malware variants most used by attackers play a part in phishing campaigns. The most frequently detected malware family, JS.Agent.UNS, consists of malicious HTML that redirects users to authentic-looking domains impersonating well-known websites.

Another variant, Agent.GBPM, creates a SharePoint phishing page titled "PDF Salary Increase" that tries to harvest users' account credentials. Third on the list is HTML.Agent.WR, which generates a fake DHL notification page in French; its login link leads to an already well-known phishing domain. Phishing and email remain the main means of attack.

Exploitation of the Exchange ProxyLogon vulnerability continues to rise: its exploit climbed from eighth to fourth place quarter over quarter among the most common detections. Otherwise, the volume of network attacks held steady; the number of such attacks grew by only 35 hits, or 0.0015%.

Among ransomware groups, LockBit remains prevalent, both as an operation and as a malware family: LockBit variants keep appearing frequently, and the group, together with its affiliates, appears to be the most successful at breaching companies with ransomware. LockBit once again had the highest number of extortion victims in the quarter, at 149. WatchGuard Threat Lab also identified 31 new groups dedicated to extortion and cyberattacks.
