Cyber threats continue to evolve, and threat actors are becoming increasingly adept at adopting new tactics and tools to evade detection and compromise the security of organizations. This constant evolution makes it essential for businesses to stay up to date with the latest trends in cybersecurity to protect their networks and devices.
In WatchGuard® Technologies' report, Corey Nachreiner, Chief Security Officer of WatchGuard, emphasizes the importance of this continuous adaptation, stating that "threat actors continue to employ different tools and methods in their attack campaigns, making it crucial for organizations to keep up with the latest tactics to strengthen their security strategy."
New ransomware variants, changes in attack techniques based on the "living-off-the-land" (LotL) concept, and malware transmitted through encrypted connections are evidently on the rise. In a living-off-the-land attack, intruders use legitimate software and functions already available within the system to perform malicious actions.
Furthermore, a new threat is emerging: the Lazy.360502 malware family, which demonstrates how malware is becoming increasingly "commercialized," offering credential theft services to threat actors.
Finally, network attacks have seen a significant increase, with ProxyLogon being one of the most exploited vulnerabilities. However, the threats to which systems are exposed are diverse and layered, including:
Rise in Abused Remote Access Software: Threat actors are increasingly using remote access software to evade anti-malware detection. A technical support scam was observed during research, where victims were induced to download an unauthorized version of TeamViewer, granting attackers full access to the victim's computer.
Increase in Ransomware with the Medusa Variant: The Medusa ransomware variant has led to an 89% increase in ransomware attacks on endpoints in the third quarter. Although ransomware detections appear to have decreased, the discovery of the Medusa variant has changed the landscape.
Changes in Living-off-the-Land Techniques: Threat actors are shifting their focus from script-based attacks to other living-off-the-land techniques. Script-based attacks have decreased but still account for 56% of total attacks, while attacks using Windows living-off-the-land binaries have increased by 32%.
Less Malware Transmitted via Encrypted Connections: Malware arriving through encrypted connections has dropped to 48%, less than half of all detected malware. This is considerably lower than in previous quarters.
Stacked Dropper Family: A dropper family has been responsible for four out of the top five encrypted malware detections. This dropper family, named "Stacked," is distributed via email and appears as an attachment in email-based spear-phishing attempts.
Rise of Commercialized Malware: A new malware family, Lazy.360502, has entered the Top 10 list of major malware threats. This malware offers an adware variant and the Vidar password stealer, demonstrating the growing use of malware for commercial purposes.
Increase in Network Attacks: Network attacks have increased by 16% in the third quarter, with ProxyLogon being the most targeted vulnerability.
These trends pose a significant challenge for businesses and underscore the importance of adopting an advanced and continually evolving security strategy to protect data and business operations.