WatchGuard Internet Security Report Highlights Evolving Cyber Threat Landscape

Increasing Crypto Miner Detections

WatchGuard Technologies, a leading cybersecurity firm, has released its latest Internet Security Report, which reveals a significant increase in crypto miner detections. The report, based on anonymized and aggregated threat intelligence from WatchGuard’s network and endpoint products, shows a 141% quarter-over-quarter increase in crypto miner detections. Crypto mining is a legitimate process for acquiring cryptocurrency on some blockchains, including Bitcoin. However, malicious actors can use crypto mining as a tactic to install malware without the user’s knowledge or consent. As the price and popularity of Bitcoin increase, crypto miner detections also rise, indicating that attackers are leveraging this tactic to evade traditional defenses.

Zero-Day Malware on the Rise

The report also notes a significant increase in zero-day malware, which has rebounded to 53% in Q4, up from its all-time low of 20% in Q3. Zero-day malware is a type of malware that exploits previously unknown vulnerabilities in software, making it difficult for traditional defenses to detect. The rise of zero-day malware is largely attributed to the increasing use of encrypted connections, which typically deliver more sophisticated and evasive threats. As attackers continue to use encryption to evade traditional defenses, the threat landscape becomes increasingly complex and challenging to navigate.

Endpoint Malware on the Decline

On the other hand, the report notes a decline in endpoint malware, with a 74% increase in Advanced Persistent Threat (APT) Blocker detections, indicating that proactive machine learning detection is catching sophisticated malware, like zero-day malware. The data highlights the growing role of proactive machine learning detection in anti-malware services, which is catching malicious actors off guard. This trend suggests that attackers are leaning harder into obfuscation and encryption, challenging traditional defenses.

Network-Based Malware Detections on the Rise

The report also shows a significant increase in network-based malware detections, with a 94% quarter-over-quarter rise in network-based malware. This indicates that attackers are becoming more sophisticated in their attempts to evade traditional defenses.

Key Takeaways

• WatchGuard’s Q4 2024 Internet Security Report highlights the evolving cyber threat landscape, with attackers increasingly relying on evasive malware techniques to evade traditional defenses.
• Crypto miner detections are on the rise, with a 141% quarter-over-quarter increase, indicating that attackers are leveraging this tactic to evade traditional defenses.
• Zero-day malware has rebounded to 53% in Q4, up from its all-time low of 20% in Q3, highlighting the increasing use of encrypted connections to deliver more sophisticated threats.
• Endpoint malware is declining, with a 74% increase in APT Blocker detections, indicating that proactive machine learning detection is catching sophisticated malware.
• Network-based malware detections are on the rise, with a 94% quarter-over-quarter increase, indicating that attackers are becoming more sophisticated in their attempts to evade traditional defenses.

Living-off-the-Land Attacks

The report also highlights the trend of living-off-the-land (LOTL) attacks, which exploit legitimate system tools such as PowerShell, Windows Management Instrumentation (WMI), or Office macros, rather than external malware, to load malware. LOTL attacks are trending, with 61% of endpoint attack techniques leveraging PowerShell injection and scripts. This trend underscores that attackers are pursuing “bread and butter” style attacks en masse.

Network Attack Trends

The report notes that network attacks declined 27% from the previous quarter, with many tried-and-true exploits persisting as top attacks. This highlights that attackers stick with what they know works.

Phishing Domains

The top phishing domains list remained unchanged from the previous quarter, highlighting the continued use of persistent and high-impact phishing infrastructure.

Endpoint Attack Vectors

The report also notes that 83% of endpoint attack vectors are from PowerShell, with 97% of those being PowerShell-based. This highlights the importance of PowerShell in the threat landscape.

Conclusion

The WatchGuard Internet Security Report highlights the evolving cyber threat landscape, with attackers increasingly relying on evasive malware techniques to evade traditional defenses. As the threat landscape continues to evolve, it is essential for organizations to stay vigilant and implement robust security measures to protect against these threats. To stay up-to-date on the latest threat intelligence and research, follow WatchGuard on Twitter (@WatchGuard), Facebook, or LinkedIn Company page. Subscribe to The 443 – Security Simplified podcast wherever you find your favorite podcasts. Visit WatchGuard.com for more information and to download the complete Q4 2024 Internet Security Report.

WatchGuard Technologies, Inc.
A global leader in unified cybersecurity, WatchGuard Technologies, Inc. provides award-winning products and services spanning network security and intelligence, advanced endpoint protection, multi-factor authentication, and secure Wi-Fi.

For additional information, promotions, and updates, follow WatchGuard on Twitter (@WatchGuard), Facebook, or LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them.

news

news is a contributor at AntiVirusDon. We are committed to providing well-researched, accurate, and valuable content to our readers.
