WatchGuard Blog

Latest malware trends according to our ISR

In today's digital age, cybersecurity has become a constant concern for organizations. A thorough understanding of the cyber threat landscape is needed to address these challenges and protect your company's systems and data, as only then can you implement effective protection measures.

To shed light on this complex and ever-changing situation, WatchGuard has published our latest Internet Security Report (ISR), analyzing data from Q4 2023 that reveals the chief malware trends and threats that jeopardize the security of both networks and endpoints.

7 key findings from the ISR

The malware landscape is constantly changing, with new threats and attack vectors emerging all the time. Here are the key findings from our ISR:

  • Rise in network-based malware: One of the key findings is the significant increase in network-based malware, which rose to 80% in the last quarter of 2023. In addition, malware detection by the APT Blocker service, i.e., behavior-based malware prevention, has shot up by 37%, evidencing the growth of sophisticated and evasive malware. The 196% increase in malware detected using machine-learning methods corroborates this trend towards more complex and difficult-to-identify malware. 
  • More than half of the malware detected corresponds to zero-day attacks: During this quarter, zero-day malware reached an alarming 60% of all malware detected. This figure represents a significant increase compared to 22% for the previous quarter. 
  • Network attacks decreased by 10%: While the total number of network attacks has fallen, the diversity of exploits used by threat actors has grown by 16%. This indicates that hackers are deploying a wider range of techniques to infiltrate networks, which raises the security challenge.
  • Microsoft products are frequently targeted: Targeting them allows cybercriminals to exploit the same vulnerability to attack a large number of products. Many organizations still use end-of-life (EOL) Microsoft software that no longer receives technical support, which makes it an easy target for cybercriminals if security patches are not applied.
  • Malicious SharePoint subdomains resurface: Apart from SharePoint subdomains, there has been a growth in malicious advertising links and domains being hosted on compromised WordPress websites. Implementing technical measures such as DNS firewalls is crucial to cover potential gaps in training and minimize the risk of human error. 
  • Malware on endpoints has decreased: This reduction could be related to the increase in malware detection at the network level, which means that malware is being intercepted before reaching endpoints. 
  • Ransomware is down 19.7%: Although still a major threat, ransomware growth has stagnated recently. This is because the authorities have done a good job of combating it, but it is likely to make a comeback in the future.

How can you protect your organization?

Understanding threat trends is critical to creating sound defense strategies. Data from our ISR indicates that companies should focus their efforts on updating their software and avoiding EOL software, as well as training their employees on how to identify malicious links. While network and endpoint defenses are important, neither is perfect. The best way to improve security is to combine both strategies, implementing a robust defense of both network and endpoints. Adding strong identity protections, such as multi-factor authentication (MFA), can further strengthen your business's defenses.

To learn more about the malware trends detected in our ISR, be sure to read the full report: Internet Security Report - Q4 2023