Scripting attacks on endpoint devices have skyrocketed, the majority of network attacks were aimed at the Americas, and encrypted connections have become a primary delivery mechanism for zero-day malware.
By the end of Q3 2021, endpoint malware and ransomware attacks had already surpassed their total 2020 volume, according to WatchGuard Technologies’ latest quarterly Internet Security Report. The data in the report indicates that while total perimeter malware detection volume dipped from the highs reached in the previous quarter, endpoint malware detections have surpassed the total volume seen in 2020. Additionally, the report found that a considerable percentage of malware continues to arrive over encrypted connections, continuing the trend from previous quarters.
Here are a few more notable findings revealed in WatchGuard’s Q3 2021 Internet Security Report:
● Close to fifty percent of zero-day malware is now delivered through encrypted connections
The percentage of malware that arrived over Transport Layer Security (TLS) jumped from 31.6% to 47%. Interestingly, the total amount of zero-day malware in the same period rose by a modest 3% to 67.2% in Q3.
A lower percentage of encrypted zero-days are considered advanced, but it is still concerning given that WatchGuard’s data shows that many organizations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks.
● After customers upgraded to recent versions of Microsoft Windows and Office, threat actors began to concentrate their efforts on newer vulnerabilities
Even though unpatched vulnerabilities in older software continue to provide fertile ground for threat actors to launch their attacks, attackers are also seeking to exploit weaknesses found in the latest versions of Microsoft’s widely used products.
● Preferring the Americas over other regions
Most of the network attacks targeted the Americas in Q3 (64.5%) compared to APAC (20%) and Europe (15.5%).
● The network attack detections show a normal trajectory but still pose risks of great concern
After consecutive quarters of more than 20% growth, WatchGuard’s Intrusion Prevention Service (IPS) detected around 4.1 million unique network exploits in Q3. The 21% drop brought volumes significantly down to Q1 levels; however, they were still higher than in the previous year. This shift does not mean that adversaries are letting up, as they are possibly shifting their focus towards more targeted attacks.
● Scripting attacks on endpoints continue to witness an upward trend
By the end of Q3, WatchGuard’s AD360 threat intelligence and WatchGuard Endpoint Protection, Detection, and Response (EPDR) had seen 10% more attack scripts than in all of 2020 combined.
As hybrid workforces take root in enterprise culture, having a strong perimeter is no longer enough to stop these threats. Today, cybercriminals can opt for several methods to launch attacks on endpoints. However, even those with limited skills can often fully execute a malware payload with scripting technologies such as PowerSploit, PowerWare and more while evading basic endpoint detection.
The total volume of network attacks decreased slightly in Q3, but malware per endpoint device has gone up for the first time since the pandemic began. Looking at the year overall, the security environment continues to be challenging. Hence, it is crucial that organizations look beyond the short-term ups and downs and the seasonality of specific metrics, and concentrate their efforts on the persistent and concerning trends that factor into their security posture.