Research

Zero-Day Exploits Dominate Malware from Web Traffic

• By David Nagel
• 07/05/23

In the first quarter of 2023, a massive 93% of detected malware from encrypted web traffic and 70% of malware from unencrypted web traffic came from zero day malware, according to a new report from WatchGuard Technologies.

According to the company's Q1 Internet Security Report, part of an ongoing series of quarterly reports on data security across all sectors, "Zero day malware can infect IoT devices, misconfigured servers, and other devices that don’t use robust host-based defenses…."

Meanwhile, on the ransomware front, according to WatchGuard, "In Q1 2023, the Threat Lab tallied 852 victims published to extortion sites and discovered 51 new ransomware variants. These ransomware groups continue to publish victims at an alarmingly high rate; some are well known organizations and companies in the Fortune 500."

Other trends noted in the Q1 report included:

• Malware droppers are targeting Linux systems, "a stark reminder that just because Windows is king in the enterprise space, this doesn’t mean organizations can afford to turn a blind eye to Linux and macOS," according to WatchGuard;

• Attackers are exploiting browser notifications more now that browsers have more protections in place against abuse of pop-ups;

• Three-fourths of new attacks in Q1's top-10 list originated in China and Russia;

• Exploits targeting Microsoft Office and Microsoft's end of life products persist; and

• "Living-off-the-land" attacks — attacks that use a system's built-in tools to accomplish their goals — continue to rise. "The continued appearance of Microsoft Office- and PowerShell-based malware in these reports quarter after quarter underscores the importance of endpoint protection that can differentiate legitimate and malicious use of popular tools like PowerShell," according to the report.

To access the complete report and an executive summary, visit watchguard.com/wgrd-resource-center/security-report-q1-2023.