WatchGuard Threat Lab Report Reveals New Browser-Based Social Engineering Trends
Key findings from the research also show that three of the four new malware threats on this quarter's top-ten list originated in China and Russia, that living-off-the-land attacks are on the rise, and more.
Posted: Thursday, Jun 29

SEATTLE – June 28, 2023 – WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analysed by WatchGuard Threat Lab researchers in Q1 2023. Key findings from the data show phishers leveraging browser-based social engineering strategies, new malware with ties to nation states, high volumes of zero day malware, living-off-the-land attacks on the rise, and more. This edition of the report also features a new, dedicated section for the Threat Lab team's quarterly ransomware tracking and analysis.

“Organisations need to pay more active, ongoing attention to the existing security solutions and strategies their businesses rely on to stay protected against increasingly sophisticated threats,” said Corey Nachreiner, chief security officer at WatchGuard. “The top themes and corresponding best practices our Threat Lab have outlined for this report strongly emphasize layered malware defences to combat living-off-the-land attacks, which can be done simply and effectively with a platform for unified security run by dedicated managed service providers.”

Among its most notable findings, the Q1 2023 Internet Security Report reveals:

  • New browser-based social engineering trends – Now that web browsers have more protections preventing pop-up abuse, attackers have pivoted to using the browser notification feature to force similar types of interactions. Also of note from this quarter's top malicious domains list is a new destination involved in SEO-poisoning activity.
  • Threat actors from China and Russia behind 75% of new threats in the Q1 Top 10 list – Three of the four new threats that debuted on our top ten malware list this quarter have strong ties to nation states, although this doesn't necessarily mean those malicious actors are in fact state-sponsored. One example from WatchGuard's latest report is the Zusy malware family, which shows up for the first time in the top 10 malware list this quarter. One Zusy sample the Threat Lab found targets China's population with adware that installs a compromised browser; that browser is then used to hijack the system's Windows settings and set itself as the default browser.
  • Persistence of attacks against Office products, End-of-Life (EOL) Microsoft ISA Firewall – Threat Lab analysts continue to see document-based threats targeting Office products in the most widespread malware list this quarter. On the network side, the team also noticed exploits against Microsoft's now-discontinued firewall, the Internet Security and Acceleration (ISA) Server, getting a relatively high number of hits. Considering this product has long been discontinued and without updates, it is surprising to see attackers still targeting it.
  • Living-off-the-land attacks on the rise – The ViperSoftX malware reviewed in the Q1 DNS analysis is the latest example of malware leveraging the built-in tools that ship with operating systems to complete its objectives. The continued appearance of Microsoft Office- and PowerShell-based malware in these reports quarter after quarter underscores the importance of endpoint protection that can differentiate legitimate from malicious use of popular tools like PowerShell.
  • Malware droppers targeting Linux-based systems – One of the new top malware detections by volume in Q1 was a malware dropper aimed at Linux-based systems. This is a stark reminder that, although Windows dominates the enterprise space, organisations cannot afford to turn a blind eye to Linux and macOS. Be sure to include non-Windows machines when rolling out Endpoint Detection and Response (EDR) to maintain full coverage of your environment.
  • Zero day malware accounting for the majority of detections – This quarter saw 70% of detections over unencrypted web traffic coming from zero day malware, and a whopping 93% of detections over encrypted web traffic coming from zero day malware. Zero day malware can infect IoT devices, misconfigured servers, and other devices that don't use robust host-based defenses like WatchGuard EPDR (Endpoint Protection Defense and Response).
  • New insights based on ransomware tracking data – In Q1 2023, the Threat Lab tallied 852 victims published to extortion sites and discovered 51 new ransomware variants. These ransomware groups continue to publish victims at an alarmingly high rate; some are well-known organisations and companies in the Fortune 500. (Stay tuned for more ransomware tracking trends and analysis as part of WatchGuard's quarterly Threat Lab research in future reports!)

Consistent with WatchGuard's Unified Security Platform® approach and the WatchGuard Threat Lab's previous quarterly research updates, the data analysed in this quarterly report is based on anonymized, aggregated threat intelligence from active WatchGuard network and endpoint products whose owners have opted to share in direct support of WatchGuard's research efforts.

New for this Q1 2023 analysis, the Threat Lab team has updated the methods used to normalise, analyse, and present the report findings. While previous quarterly research results have primarily been presented in the aggregate (as global total volumes), this quarter and going forward the network security results will be presented as “per device” averages for all reporting network appliances. The full report includes additional detail around this evolution and the rationale behind the updated methodology, as well as details on additional malware, network, and ransomware trends from Q1 2023, recommended security strategies, critical defense tips for businesses of all sizes and in any sector, and more.


For a more in-depth view of WatchGuard's research, read the complete Q1 2023 Internet Security Report here.


About WatchGuard Technologies, Inc.

WatchGuard® Technologies, Inc. is a global leader in unified cybersecurity. Our Unified Security Platform® approach is uniquely designed for managed service providers to deliver world-class security that increases their business scale and velocity while also improving operational efficiency. Trusted by more than 17,000 security resellers and service providers to protect more than 250,000 customers, the company's award-winning products and services span network security and intelligence, advanced endpoint protection, multi-factor authentication, and secure Wi-Fi. Together, they offer five critical elements of a security platform: comprehensive security, shared knowledge, clarity & control, operational alignment, and automation. The company is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter (@WatchGuard), on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org. Subscribe to The 443 – Security Simplified podcast at Secplicity.org, or wherever you find your favorite podcasts.


WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners.