Overall Malware Down Slightly in the Quarter, as Double-Extortion Attacks Increase

Malware in general declined in the second quarter of 2023, according to a new report, even as double-extortion ransomware grew substantially.

The Internet Security Report, released today by WatchGuard Technologies, found that malware detections slid 8% in Q2 compared with Q1 2023. The report noted, however, that malware campaigns impacting 100 or more systems increased 21% in the quarter, and those targeting 10 to 50 systems increased 22%. So the decline was driven exclusively by campaigns targeting one to nine systems.

Ransomware as a whole also declined in the quarter, down 21% from Q1 2023 and down 72% from Q2 2022. However, double-extortion attacks — a form of ransomware in which data is both encrypted and downloaded by attackers, often with the added threat of publication — grew 72% from the previous quarter. WatchGuard also identified 13 new extortion groups during the quarter.

"The data analyzed by our Threat Lab for our latest report reinforces how advanced malware attacks fluctuate in occurrence and multifaceted cyber threats continue to evolve, requiring constant vigilance and a layered security approach to combat them effectively," said Corey Nachreiner, chief security officer at WatchGuard, in a prepared statement. "There is no single strategy that threat actors wield in their attacks, and certain threats often present varying levels of risk at different times of the year. Organizations must continually be on alert to monitor these threats and employ a unified security approach, which can be administered effectively by managed service providers, for their best defense."

The report, which was based on data from across all sectors, noted that 95% of malware "lurks behind SSL/TLS encryption used by secured websites. Organizations that don’t inspect SSL/TLS traffic at the network perimeter are likely missing most malware. Furthermore, zero day malware dropped to 11% of total malware detections, an all-time low. However, when inspecting malware over encrypted connections, the share of evasive detections increased to 66%, indicating attackers continue to deliver sophisticated malware primarily via encryption."

Other findings from the report included:

  • Out of the top-10 detections for the quarter, six were new malware variants;

  • Script-based malware dropped 41% in the quarter, though scripts still accounted for 74% of total detections;

  • WMI, PSExec, and other Windows tools were exploited in 17% of cases in which criminals gained access to systems, an increase of 29%;

  • Older software vulnerabilities continue to be exploited, including ATutor, an LMS that has not been updated since 2018; and

  • Compromised domains included WordPress blogs and other "self-managed websites," as well as domain shortening services that were exploited "to host either malware or malware command and control framework."

The complete report is freely available (with registration) on WatchGuard's site.

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • cyber security padlock

    Report: AI Adoption Forces Trade-Off Between Speed and Identity Security

    AI adoption is forcing enterprises to trade security for speed — and identity controls are the first casualty, according to a new report from Delinea, a provider of identity security solutions for both human and AI agent identities.

  • abstract smartphone translucent screen displaying AI interface

    Apple Unveils Redesigned Siri AI

    At its recent Worldwide Developers Conference, Apple announced Siri AI, a redesigned version of its voice assistant that Apple describes in its own announcement as "a profoundly more capable and personal assistant." The update is intended to make Siri more conversational, more context-aware, and more useful across iPhone, iPad, Mac, Apple Watch, and Vision Pro.

  • Teacher meeting parents discussing student progress in classroom

    Michigan's Flint Community Schools Adopts Human-Centered Approach to Fight Chronic Absenteeism

    In an effort to boost enrollment and combat chronic absenteeism, Michigan's Flint Community Schools has partnered with Concentric Educational Solutions to help address the academic, social, emotional, and environmental factors that prevent students from enrolling, re-enrolling, or attending school.

  • AI logo near computer equipment

    White House Issues National Policy Framework for AI

    The White House has released a four-page AI policy framework aimed at setting a national approach to AI, with priorities including child safety, intellectual property protections, truth and accuracy guardrails, and worker training for an AI-driven economy.