Cybersecurity has entered alarming new territory with reports detailing a staggering 300% increase in endpoint malware detections over the third quarter of 2024. This spike is attributed to increasingly sophisticated tactics employed by cybercriminals, who are now targeting legitimate web services and exploiting documents to execute their attacks.
According to the latest Internet Security Report released by WatchGuard Technologies, endpoint malware detections have skyrocketed compared to the previous quarter. Simultaneously, there has been a notable 74% decrease in the number of threats blocked per 100,000 active machines. This discrepancy suggests the emergence of homogeneous, spam-like malware being delivered to endpoints, likely stemming from separate malware campaigns spreading similar payloads.
The report highlights the shifting dynamics within the cyber threat environment, noting a 15% decrease in network-based malware attacks from the previous quarter. This downturn may indicate that cybercriminals are not necessarily generating new or unique malware but rather relying on established techniques to breach devices. WatchGuard emphasizes the necessity of thorough HTTPS inspection at network perimeters, especially since over half (52%) of the malware observed was delivered over TLS-encrypted connections, where it is invisible to defenses that inspect only cleartext traffic.
A particularly concerning trend is the resurgence of cryptominers—malware used to siphon off computing resources for mining cryptocurrencies. The report reveals these cryptominers are not only increasing but also demonstrate additional malicious behaviors, making them even more threatening to users. “These findings demonstrate how quickly the threat environment can evolve,” remarked Corey Nachreiner, chief security officer at WatchGuard Technologies. “Organizations of all sizes should prioritize AI-powered threat detection to spot anomalous traffic patterns and reduce the potential costs associated with data breaches.”
Adding to the complexity, attackers are adopting traditional methods with newfound creativity. Microsoft applications such as Word and Excel have been long-time targets, but the implementation of strict anti-macro protections for these Office files has prompted attackers to pivot to OneNote files. This switch has facilitated the delivery of the Qbot trojan, which grants attackers remote access to compromised devices.
Simultaneously, threat actors have ramped up their exploitation of vulnerabilities in WordPress plug-ins, using these weaknesses to seize control of websites. This tactic allows attackers to abuse the established reputation of compromised sites to mislead visitors, prompting them to download malicious software such as SocGholish. This malware lures users with fake browser-update prompts; a user who accepts the prompt runs the malicious payload.
With WordPress powering approximately 488.6 million websites globally, or 43% of all sites on the Internet, such tactics pose immense risks to users worldwide. Despite ransomware attacks trending downwards, the report revealed more ransomware operators this quarter than seen previously, with attackers using familiar tactics to deliver their illicit payloads rather than crafting new methods.
Cybersecurity experts observed a 40% increase in signature-based detections during this quarter, alongside a rise in social engineering tactics among cybercriminals. This spike may signify the growing prevalence of known, traditional malware as offenders refine their delivery approaches and lean on legacy systems or widely exposed vulnerabilities rather than novel code.
Regional data also reflects the changing threat dynamics, with the EMEA region making up 53% of all malware attacks by volume, double its share from the prior quarter. Meanwhile, the Asia Pacific region leads network attack detections, with 59% of attacks targeting this area. Notably, the overall 15% decrease in malware attacks from the previous quarter underlines the attackers' shift from creating unique malware to reusing established methods.
Despite these shifts, organizations remain responsible for safeguarding their networks against this range of threats. Nachreiner advocates adopting comprehensive cybersecurity strategies, emphasizing the need for real-time defenses against the changing tactics of cybercriminals. AI-powered threat detection could play a pivotal role not only in identifying persistent threats but also in significantly minimizing the impact and cost of data breaches.
The findings detailed by WatchGuard Technologies serve as both a stark warning and a guide for organizations aiming to reinforce their cybersecurity postures. Remaining vigilant and adaptive is more important than ever as the pace of malware evolution accelerates, putting immense pressure on cybersecurity infrastructure everywhere.