WatchGuard® Technologies, a global leader in unified Cybersecurity, today released the findings of its latest Internet Security Report. The quarterly analysis details the top malware, network, and endpoint security threats observed during the second quarter of 2024.
Among the report’s key findings was that 7 of the Top 10 malware threats by volume were new this quarter. Furthermore, this indicates threat actors are pivoting toward new techniques. The new top threats included Lumma Stealer. This advanced malware is designed to steal sensitive data from compromised systems. Also, a Mirai Botnet variant, which infects smart devices and enables threat actors to turn them into remotely controlled bots. And a LokiBot malware, which targets Windows and Android devices and aims to steal credential information.
Cybersecurity fears for Blockchain
WatchGuard’s Cybersecurity Threat Lab also observed new instances of threat actors employing “EtherHiding”. A method of embedding malicious PowerShell scripts in blockchains such as Binance Smart Contracts. In these instances, a fake error message linking to the malicious script appears on compromised websites, prompting victims to “update your browser”. Malicious code in blockchains poses a long-term threat. As blockchains are not meant to be changed, theoretically, a blockchain could become an immutable host of malicious content.
“The latest findings in the Q2 2024 Internet Security Report reflect how threat actors tend to fall into patterns of behaviour. Certain attack techniques become trendy and dominant in waves,” said Corey Nachreiner, CSO, WatchGuard Technologies. “Moreover, the report illustrates the importance of routinely updating and patching software and systems to address security gaps and ensure threat actors cannot exploit older vulnerabilities. Adopting a defence-in-depth approach, which can be executed effectively by a dedicated managed service provider, is a vital step toward combating these cybersecurity challenges successfully.”
Additional key findings from WatchGuard’s Report include:
- Malware detections were down 24% overall. This drop was caused by a 35% decrease in signature-based detections. However, threat actors were simply shifting focus to more evasive malware. Moreover, in Q2 2024, the Threat Lab’s advanced behavioural engine that identifies ransomware, zero-day threats, and evolving malware threats, found a 168% increase in evasive malware detections quarter-over-quarter.
- Network attacks increased 33% from Q1 2024. Across regions, the Asia Pacific accounted for 56% of all network attack detections, more than doubling since the previous quarter.
- An NGINX vulnerability, originally detected in 2019, was the top network attack by volume in Q2 2024. It had not appeared in the Threat Lab’s Top 50 network attacks in previous quarters. The vulnerability accounted for 29% of total network attack detection volume, or approximately 724,000 detections across the US, EMEA, and APAC.
- The Fuzzbunch hacking toolkit emerged as the second-highest endpoint malware threat detected by volume. The toolkit serves as an open-source framework that can be used to attack Windows operating systems. It was stolen during The Shadow Brokers’ attack of the Equation Group, an NSA contractor, in 2016.
- Seventy-four percent of all browser-initiated endpoint malware attacks targeted Chromium-based browsers, which include Google Chrome, Microsoft Edge, and Brave.
- A signature that detects malicious web content, trojan.html.hidden.1.gen, came in as the fourth most-widespread malware variant. The most common threat category caught by this signature involved phishing campaigns. These gather credentials from a user’s browser and deliver this information to an attacker-controlled server. Curiously, the Threat Lab observed a sample of this signature targeting students and faculty at Valdosta State University in Georgia.
- Blockchain
- Cybersecurity in FinTech