Ransomware Expected to Increase 150% This Year

Ransomware and fileless malware are both seeing large surges this year. According to the newly released Q2 2021 Internet Security Report from WatchGuard Technologies, in the first six months of 2021, ransomware attacks were already at nearly the total volume for all of the previous year and are on target to see a 150 percent increase by the end of the year. According to WatchGuard: "While total ransomware detections on the endpoint were on a downward trajectory from 2018 through 2020, that trend broke in the first half of 2021, as the six-month total finished just shy of the full-year total for 2020. If daily ransomware detections remain flat through the rest of 2021, this year’s volume will reach an increase of over 150 percent compared to 2020."

Fileless malware — malware originating from scripting engines, such as PowerShell — is increasing at an even greater pace and is on track to double 2020's total this year. AMSI.Disable.A is one such malware type that's on the rise. According to WatchGuard: "AMSI.Disable.A showed up in WatchGuard’s top malware section for the first time in Q1 and immediately shot up for this quarter, hitting the list at No. 2 overall by volume and snagging the No. 1 spot for overall encrypted threats. This malware family uses PowerShell tools to exploit various vulnerabilities in Windows. But what makes it especially interesting is its evasive technique. WatchGuard found that AMSI.Disable.A wields code capable of disabling the Antimalware Scan Interface (AMSI) in PowerShell, allowing it to bypass script security checks with its malware payload undetected."

Other findings from the report include:

  • A massive 91.5 percent of all malware arrived over encrypted connection. "Put simply, any organization that is not examining encrypted HTTPS traffic at the perimeter is missing 9/10 of all malware," according to WatchGuard.

  • Network attacks rose 22 percent in the quarter, reaching the highest level sine 2018. "Q1 saw nearly 4.1 million network attacks. In the quarter that followed, that number jumped by another million – charting an aggressive course that highlights the growing importance of maintaining perimeter security alongside user-focused protections."

  • Microsoft Office continues to be a popular attack vector. WatchGuard reported a new 2017 RCE vulnerability that debuted in the second quarter as the No. 1 network attack. "Though it may be an old exploit and patched in most systems (hopefully), those that have yet to patch are in for a rude awakening if an attacker is able to get to it before they do."

  • Aside from the 2017 RCE vulnerability, two other top-10 network attacks exploited old vulnerabilities, according to the report: a "2011 Oracle GlassFish Server vulnerability [and] a 2013 SQL injection flaw in medical records application OpenEMR…."

The report was based on "anonymized Firebox Feed data from active WatchGuard Fireboxes whose owners have opted to share data in direct support of the Threat Lab’s research efforts. In Q2, WatchGuard blocked a total of more than 16.6 million malware variants (438 per device) and nearly 5.2 million network threats (137 per device)."

The complete Q2 2021 Internet Security Report is available on Watchguard's site (registration required).

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs AI Content Safeguards into Law

    California Governor Gavin Newsom has officially signed off on a series of landmark artificial intelligence bills, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.

  • close-up illustration of a hand signing a legislative document

    California Passes AI Safety Legislation, Awaits Governor's Signature

    California lawmakers have overwhelmingly approved a bill that would impose new restrictions on AI technologies, potentially setting a national precedent for regulating the rapidly evolving field. The legislation, known as S.B. 1047, now heads to Governor Gavin Newsom's desk. He has until the end of September to decide whether to sign it into law.

  • illustration of a VPN network with interconnected nodes and lines forming a minimalist network structure

    Report: Increasing Number of Vulnerabilities in OpenVPN

    OpenVPN, a popular open source virtual private network (VPN) system integrated into millions of routers, firmware, PCs, mobile devices and other smart devices, is leaving users open to a growing list of threats, according to a new report from Microsoft.

  • interconnected cubes and circles arranged in a grid-like structure

    Hugging Face Gradio 5 Offers AI-Powered App Creation and Enhanced Security

    Hugging Face has released version 5 of its Gradio open source platform for building machine learning (ML) applications. The update introduces a suite of features focused on expanding access to AI, including a novel AI-powered app creation tool, enhanced web development capabilities, and bolstered security measures.