Malware Down Slightly as Double-Extortion Attacks Increase

Overall malware declined in the second quarter of 2023, according to a new report, even as double-extortion ransomware grew substantially.

The Internet Security Report, released today by WatchGuard Technologies, found that malware detections slid 8% in Q2 compared with Q1 2023. The report noted, however, that malware campaigns impacting 100 or more systems increased 21% in the quarter, and those targeting 10 to 50 systems increased 22%. So the decline was driven exclusively by campaigns targeting one to nine systems.

Ransomware as a whole also declined in the quarter, down 21% from Q1 2023 and down 72% from Q2 2022. However, double-extortion attacks — a form of ransomware in which data is both encrypted and downloaded by attackers, often with the added threat of publication — grew 72% from the previous quarter. WatchGuard also identified 13 new extortion groups during the quarter.

"The data analyzed by our Threat Lab for our latest report reinforces how advanced malware attacks fluctuate in occurrence and multifaceted cyber threats continue to evolve, requiring constant vigilance and a layered security approach to combat them effectively," said Corey Nachreiner, chief security officer at WatchGuard, in a prepared statement. "There is no single strategy that threat actors wield in their attacks, and certain threats often present varying levels of risk at different times of the year. Organizations must continually be on alert to monitor these threats and employ a unified security approach, which can be administered effectively by managed service providers, for their best defense."

The report, which was based on data from across all sectors, noted that 95% of malware "lurks behind SSL/TLS encryption used by secured websites. Organizations that don’t inspect SSL/TLS traffic at the network perimeter are likely missing most malware. Furthermore, zero day malware dropped to 11% of total malware detections, an all-time low. However, when inspecting malware over encrypted connections, the share of evasive detections increased to 66%, indicating attackers continue to deliver sophisticated malware primarily via encryption."

Other findings from the report included:

  • Out of the top-10 detections for the quarter, six were new malware variants;

  • Script-based malware dropped 41% in the quarter, though scripts still accounted for 74% of total detections;

  • WMI, PSExec, and other Windows tools were exploited in 17% of cases in which criminals gained access to systems, an increase of 29%;

  • Older software vulnerabilities continue to be exploited, including ATutor, an LMS that has not been updated since 2018; and

  • Compromised domains included WordPress blogs and other "self-managed websites," as well as domain shortening services that were exploited "to host either malware or malware command and control framework."

The full report is freely available on WatchGuard's site (registration required).

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • flowing lines and geometric shapes representing data flow and analysis

    Complete College America Launches Center to Boost Data-Driven Student Success Strategies

    National nonprofit Complete College America (CCA) recently launched the Center for Leadership, Institutional Metrics, and Best Practices (CLIMB), with the goal of helping higher education institutions use data-driven strategies to improve student outcomes.

  • modern college building with circuit and brain motifs

    Anthropic Launches Claude for Education

    Anthropic has announced a version of its Claude AI assistant tailored for higher education institutions. Claude for Education "gives academic institutions secure, reliable AI access for their entire community," the company said, to enable colleges and universities to develop and implement AI-enabled approaches across teaching, learning, and administration.

  • consultant and educator sitting at a modern desk with a laptop and tablet, surrounded by abstract icons of online learning in a bright, minimalist setting

    Quality Matters Launches Advisory and Consulting Service

    A new service from Quality Matters, the nonprofit focused on quality assurance in online and innovative digital teaching and learning environments, is designed to help colleges and universities develop a sustainable online learning strategy.

  • laptop and fish hook

    Security Firm Identifies Generative AI 'Vishing' Attack

    A new report from Ontinue's Cyber Defense Center has identified a complex, multi-stage cyber attack that leveraged social engineering, remote access tools, and signed binaries to infiltrate and persist within a target network.