Malware Down Slightly as Double-Extortion Attacks Increase

Overall malware declined in the second quarter of 2023, according to a new report, even as double-extortion ransomware grew substantially.

The Internet Security Report, released today by WatchGuard Technologies, found that malware detections slid 8% in Q2 compared with Q1 2023. The report noted, however, that malware campaigns impacting 100 or more systems increased 21% in the quarter, and those targeting 10 to 50 systems increased 22%. So the decline was driven exclusively by campaigns targeting one to nine systems.

Ransomware as a whole also declined in the quarter, down 21% from Q1 2023 and down 72% from Q2 2022. However, double-extortion attacks — a form of ransomware in which data is both encrypted and downloaded by attackers, often with the added threat of publication — grew 72% from the previous quarter. WatchGuard also identified 13 new extortion groups during the quarter.

"The data analyzed by our Threat Lab for our latest report reinforces how advanced malware attacks fluctuate in occurrence and multifaceted cyber threats continue to evolve, requiring constant vigilance and a layered security approach to combat them effectively," said Corey Nachreiner, chief security officer at WatchGuard, in a prepared statement. "There is no single strategy that threat actors wield in their attacks, and certain threats often present varying levels of risk at different times of the year. Organizations must continually be on alert to monitor these threats and employ a unified security approach, which can be administered effectively by managed service providers, for their best defense."

The report, which was based on data from across all sectors, noted that 95% of malware "lurks behind SSL/TLS encryption used by secured websites. Organizations that don’t inspect SSL/TLS traffic at the network perimeter are likely missing most malware. Furthermore, zero day malware dropped to 11% of total malware detections, an all-time low. However, when inspecting malware over encrypted connections, the share of evasive detections increased to 66%, indicating attackers continue to deliver sophisticated malware primarily via encryption."

Other findings from the report included:

  • Out of the top-10 detections for the quarter, six were new malware variants;

  • Script-based malware dropped 41% in the quarter, though scripts still accounted for 74% of total detections;

  • WMI, PSExec, and other Windows tools were exploited in 17% of cases in which criminals gained access to systems, an increase of 29%;

  • Older software vulnerabilities continue to be exploited, including ATutor, an LMS that has not been updated since 2018; and

  • Compromised domains included WordPress blogs and other "self-managed websites," as well as domain shortening services that were exploited "to host either malware or malware command and control framework."

The full report is freely available on WatchGuard's site (registration required).

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • young man in a denim jacket scans his phone at a card reader outside a modern glass building

    Colleges Roll Out Mobile Credential Technology

    Allegion US has announced a partnership with Florida Institute of Technology (FIT) and Denison College, in conjunction with Transact + CBORD, to install mobile credential technologies campuswide. Implementing Mobile Student ID into Apple Wallet and Google Wallet will allow students access to campus facilities, amenities, and residence halls using just their phones.

  • university building with classical architecture is partially overlaid by a glowing digital brain graphic

    NSF Invests $100 Million in National AI Research Institutes

    The National Science Foundation has announced a $100 million investment in National Artificial Intelligence Research Institutes, part of a broader White House strategy to maintain American leadership as competition with China intensifies.

  • stylized figures, resumes, a graduation cap, and a laptop interconnected with geometric shapes

    OpenAI to Launch AI-Powered Jobs Platform

    OpenAI announced it will launch an AI-powered hiring platform by mid-2026, directly competing with LinkedIn and Indeed in the professional networking and recruitment space. The company announced the initiative alongside an expanded certification program designed to verify AI skills for job seekers.

  • lightbulb

    Call for Speakers Now Open for Tech Tactics in Education: Overcoming Roadblocks to Innovation

    The annual virtual conference from the producers of Campus Technology and THE Journal will return on September 25, 2025, with a focus on emerging trends in cybersecurity, data privacy, AI implementation, IT leadership, building resilience, and more.