Ransomware on Target for 150% Increase This Year

More bad news on the data security front. Ransomware and fileless malware are both seeing large surges this year.

According to the newly released Q2 2021 Internet Security Report from WatchGuard Technologies, in the first six months of 2021, ransomware attacks were already at nearly the total volume for all of the previous year and are on target to see a 150% increase by the end of the year. According to WatchGuard: "While total ransomware detections on the endpoint were on a downward trajectory from 2018 through 2020, that trend broke in the first half of 2021, as the six-month total finished just shy of the full-year total for 2020. If daily ransomware detections remain flat through the rest of 2021, this year’s volume will reach an increase of over 150% compared to 2020."

Fileless malware — malware originating from scripting engines, such as PowerShell — is increasing at an even greater pace and is on track to double 2020's total this year. AMSI.Disable.A is one such malware type that's on the rise. According to WatchGuard: "AMSI.Disable.A showed up in WatchGuard’s top malware section for the first time in Q1 and immediately shot up for this quarter, hitting the list at #2 overall by volume and snagging the #1 spot for overall encrypted threats. This malware family uses PowerShell tools to exploit various vulnerabilities in Windows. But what makes it especially interesting is its evasive technique. WatchGuard found that AMSI.Disable.A wields code capable of disabling the Antimalware Scan Interface (AMSI) in PowerShell, allowing it to bypass script security checks with its malware payload undetected."

Other findings from the report included:

  • A massive 91.5% of all malware arrived over encrypted connections. "Put simply, any organization that is not examining encrypted HTTPS traffic at the perimeter is missing 9/10 of all malware," according to WatchGuard.

  • Network attacks rose 22% in the quarter, reaching the highest level since 2018. "Q1 saw nearly 4.1 million network attacks. In the quarter that followed, that number jumped by another million – charting an aggressive course that highlights the growing importance of maintaining perimeter security alongside user-focused protections."

  • Microsoft Office continues to be a popular attack vector. WatchGuard reported a new 2017 RCE vulnerability that debuted in the second quarter as the No. 1 network attack. "Though it may be an old exploit and patched in most systems (hopefully), those that have yet to patch are in for a rude awakening if an attacker is able to get to it before they do."

  • Aside from the 2017 RCE vulnerability, two other top-10 network attacks exploited old vulnerabilities, according to the report: a "2011 Oracle GlassFish Server vulnerability [and] a 2013 SQL injection flaw in medical records application OpenEMR…."

The report was based on "anonymized Firebox Feed data from active WatchGuard Fireboxes whose owners have opted to share data in direct support of the Threat Lab’s research efforts. In Q2, WatchGuard blocked a total of more than 16.6 million malware variants (438 per device) and nearly 5.2 million network threats (137 per device)."

The complete Q2 2021 Internet Security Report is available with free registration on WatchGuard's site. (An executive summary is available without registration.)

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

You can connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/.

