Malware Down Slightly as Double-Extortion Attacks Increase

Overall malware declined in the second quarter of 2023, according to a new report, even as double-extortion ransomware grew substantially.

The Internet Security Report, released today by WatchGuard Technologies, found that malware detections slid 8% in Q2 compared with Q1 2023. The report noted, however, that malware campaigns impacting 100 or more systems increased 21% in the quarter, and those targeting 10 to 50 systems increased 22%. So the decline was driven exclusively by campaigns targeting one to nine systems.

Ransomware as a whole also declined in the quarter, down 21% from Q1 2023 and down 72% from Q2 2022. However, double-extortion attacks — a form of ransomware in which data is both encrypted and downloaded by attackers, often with the added threat of publication — grew 72% from the previous quarter. WatchGuard also identified 13 new extortion groups during the quarter.

"The data analyzed by our Threat Lab for our latest report reinforces how advanced malware attacks fluctuate in occurrence and multifaceted cyber threats continue to evolve, requiring constant vigilance and a layered security approach to combat them effectively," said Corey Nachreiner, chief security officer at WatchGuard, in a prepared statement. "There is no single strategy that threat actors wield in their attacks, and certain threats often present varying levels of risk at different times of the year. Organizations must continually be on alert to monitor these threats and employ a unified security approach, which can be administered effectively by managed service providers, for their best defense."

The report, which was based on data from across all sectors, noted that 95% of malware "lurks behind SSL/TLS encryption used by secured websites. Organizations that don’t inspect SSL/TLS traffic at the network perimeter are likely missing most malware. Furthermore, zero day malware dropped to 11% of total malware detections, an all-time low. However, when inspecting malware over encrypted connections, the share of evasive detections increased to 66%, indicating attackers continue to deliver sophisticated malware primarily via encryption."

Other findings from the report included:

  • Out of the top-10 detections for the quarter, six were new malware variants;

  • Script-based malware dropped 41% in the quarter, though scripts still accounted for 74% of total detections;

  • WMI, PSExec, and other Windows tools were exploited in 17% of cases in which criminals gained access to systems, an increase of 29%;

  • Older software vulnerabilities continue to be exploited, including ATutor, an LMS that has not been updated since 2018; and

  • Compromised domains included WordPress blogs and other "self-managed websites," as well as domain shortening services that were exploited "to host either malware or malware command and control framework."

The full report is freely available on WatchGuard's site (registration required).

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • a glowing gaming controller, a digital tree structure, and an open book

    Report: Use of Game Engines Expands Beyond Gaming

    Game development technology is increasingly being utilized beyond its traditional gaming roots, according to the recently released annual "State of Game Development" report from development and DevOps solutions provider Perforce Software.

  • abstract representation of equity at the core of AI

    Why Equity Must Be a Core Part of the Conversation About AI

    AI is an immensely powerful tool that can provide customized support for students with diverse learning needs, tailoring educational experiences to meet student’s individual needs more effectively. However, significant disparities in AI access and digital literacy skills prevent many of these same students from fully leveraging its benefits.

  • Man wearing headset working on a computer

    Internet2: Network Routing Security and RPKI Adoption in Research and Education

    We ask James Deaton, vice president of network services, about Internet2's initiatives and leadership efforts to promote routing security and RPKI adoption in research and higher education networks.

  • network of transparent cloud icons, each containing a security symbol like a lock or shield

    Okta, OpenID Foundation Propose New Identity Security Standard

    Okta and the OpenID Foundation have announced the formation of the IPSIE Working Group — with the acronym standing for Interoperability Profiling for Secure Identity in the Enterprise — dedicated to a new identity security standard for Software-as-a-Service (SaaS) applications.