Malware Down Slightly as Double-Extortion Attacks Increase

Overall malware declined in the second quarter of 2023, according to a new report, even as double-extortion ransomware grew substantially.

The Internet Security Report, released today by WatchGuard Technologies, found that malware detections slid 8% in Q2 compared with Q1 2023. The report noted, however, that malware campaigns impacting 100 or more systems increased 21% in the quarter, and those targeting 10 to 50 systems increased 22%. So the decline was driven exclusively by campaigns targeting one to nine systems.

Ransomware as a whole also declined in the quarter, down 21% from Q1 2023 and down 72% from Q2 2022. However, double-extortion attacks — a form of ransomware in which data is both encrypted and downloaded by attackers, often with the added threat of publication — grew 72% from the previous quarter. WatchGuard also identified 13 new extortion groups during the quarter.

"The data analyzed by our Threat Lab for our latest report reinforces how advanced malware attacks fluctuate in occurrence and multifaceted cyber threats continue to evolve, requiring constant vigilance and a layered security approach to combat them effectively," said Corey Nachreiner, chief security officer at WatchGuard, in a prepared statement. "There is no single strategy that threat actors wield in their attacks, and certain threats often present varying levels of risk at different times of the year. Organizations must continually be on alert to monitor these threats and employ a unified security approach, which can be administered effectively by managed service providers, for their best defense."

The report, which was based on data from across all sectors, noted that 95% of malware "lurks behind SSL/TLS encryption used by secured websites. Organizations that don’t inspect SSL/TLS traffic at the network perimeter are likely missing most malware. Furthermore, zero day malware dropped to 11% of total malware detections, an all-time low. However, when inspecting malware over encrypted connections, the share of evasive detections increased to 66%, indicating attackers continue to deliver sophisticated malware primarily via encryption."

Other findings from the report included:

  • Out of the top-10 detections for the quarter, six were new malware variants;

  • Script-based malware dropped 41% in the quarter, though scripts still accounted for 74% of total detections;

  • WMI, PSExec, and other Windows tools were exploited in 17% of cases in which criminals gained access to systems, an increase of 29%;

  • Older software vulnerabilities continue to be exploited, including ATutor, an LMS that has not been updated since 2018; and

  • Compromised domains included WordPress blogs and other "self-managed websites," as well as domain shortening services that were exploited "to host either malware or malware command and control framework."

The full report is freely available on WatchGuard's site (registration required).

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • business leader standing confidently amid interconnected gears

    Leading Through Complexity: How Online Leaders Can Drive Digital Institutional Transformation

    Leaders charged with developing and expanding online programs at their institutions are finding themselves in increasingly complex roles, but there are a few core steps institutional leaders can take to ensure success.

  • semi-transparent AI brain with circuit elements under a microscope

    Anthropic Develops AI 'Microscope' to Reveal the Hidden Mechanics of LLM Thought

    Anthropic has unveiled new research tools designed to provide a rare glimpse into the hidden reasoning processes of advanced language models — like a "microscope" for AI.

  • From Fire TV to Signage Stick: University of Utah's Digital Signage Evolution

    Jake Sorensen, who oversees sponsorship and advertising and Student Media in Auxiliary Business Development at the University of Utah, has navigated the digital signage landscape for nearly 15 years. He was managing hundreds of devices on campus that were incompatible with digital signage requirements and needed a solution that was reliable and lowered labor costs. The Amazon Signage Stick, specifically engineered for digital signage applications, gave him the stability and design functionality the University of Utah needed, along with the assurance of long-term support.

  • Stylized illustration showing cybersecurity elements like shields, padlocks, and secure cloud icons on a neutral, minimalist digital background

    Microsoft Announces Security Advancements

    Microsoft has announced major security advancements across its product portfolio and practices. The work is part of its Secure Future Initiative (SFI), a multiyear cybersecurity transformation the company calls the largest engineering project in company history.