WatchGuard Technologies announced findings from its most recent Internet Security Report, which details the
top malware trends and network security threats analyzed by WatchGuard Threat
Lab researchers in Q2 2022. Key findings from the data include a reduction in
overall malware detections from the peaks seen in the first half of 2021, an
increase in threats for Chrome and Microsoft Office, the ongoing Emotet botnet
resurgence, and much more.
"While overall malware attacks in Q2 fell off from the all-time highs seen in previous
quarters, over 81% of detections came via TLS encrypted connections, continuing
a worrisome upward trend," said Corey Nachreiner, Chief Security Officer at
WatchGuard. "This could reflect threat actors shifting their tactics to rely on
more elusive malware."
Other key findings from the Q2 Internet Security Report include:
- Office exploits continue to spread more than any other category of malware. In fact, the
quarter's top incident was the Follina Office exploit (CVE-2022-30190), which
was first reported in April and not patched until late May. Delivered via a
malicious document, Follina was able to circumvent Windows Protected View and
Windows Defender and has been actively exploited by threat actors, including
nation states. Three other Office exploits (CVE-2018-0802, RTF-ObfsObjDat.Gen, and CVE-2017-11882)
were widely detected in Germany and Greece.
- Endpoint detections of malware were down overall, but not equally. Despite a 20%
decrease in total endpoint malware detections, malware exploiting browsers
collectively increased by 23%, with Chrome seeing a 50% surge. One potential
reason for the increase in Chrome detections is the persistence of various zero-day
exploits. Scripts continued to account for the lion's share of endpoint
detections (87%) in Q2.
- The top 10 signatures accounted for more than 75% of network attack detections. This quarter saw
increased targeting of ICS and SCADA systems that control industrial equipment
and processes, including new signatures (WEB Directory Traversal -7 and WEB
Directory Traversal -8). The two signatures are very similar: the first
exploits a vulnerability first uncovered in 2012 in a specific SCADA interface
product, while the second was most widely detected in Germany.
- A resurgent Emotet looms large. While Emotet volume has declined since last quarter, Emotet
remains one of network security's biggest threats. One of the quarter's top 10
overall and top 5 encrypted malware detections, XLM.Trojan.abracadabra (a Win
Code injector that spreads the Emotet botnet) was widely seen in Japan.
WatchGuard's quarterly research reports are based on anonymized Firebox Feed data from
active WatchGuard Fireboxes whose owners have opted to share data in direct
support of the Threat Lab's research efforts. In Q2, WatchGuard blocked a total
of more than 18.1 million malware variants (234 per device) and more than 4.2
million network threats (55 per device).
The full report includes details on additional
malware and network trends from Q2 2022, recommended security strategies,
critical defense tips for businesses of all sizes and in any sector, and more.
For a detailed view of WatchGuard's research, read the complete Q2 2022 Internet
Security Report at: https://www.watchguard.com/wgrd-resource-center/security-report-q2-2022