{"id":8043,"date":"2022-09-28T10:55:29","date_gmt":"2022-09-28T10:55:29","guid":{"rendered":"https:\/\/picante.today\/portal\/?p=8043"},"modified":"2022-09-28T10:55:29","modified_gmt":"2022-09-28T10:55:29","slug":"watchguard-threat-lab-reports-decrease-in-malware-volume-surge-in-encrypted-malware-and-actively-exploited-office-vulnerabilities","status":"publish","type":"post","link":"https:\/\/picante.today\/portal\/latest-news\/2022\/09\/28\/8043\/watchguard-threat-lab-reports-decrease-in-malware-volume-surge-in-encrypted-malware-and-actively-exploited-office-vulnerabilities\/","title":{"rendered":"WatchGuard Threat Lab Reports Decrease in Malware Volume, Surge in Encrypted Malware and Actively Exploited Office Vulnerabilities"},"content":{"rendered":"<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone wp-image-8047 size-full\" src=\"https:\/\/picante.today\/portal\/wp-content\/uploads\/2022\/09\/Corey_Nachreiner_26.jpg\" alt=\"\" width=\"1505\" height=\"1881\" srcset=\"https:\/\/picante.today\/portal\/wp-content\/uploads\/2022\/09\/Corey_Nachreiner_26.jpg 1505w, https:\/\/picante.today\/portal\/wp-content\/uploads\/2022\/09\/Corey_Nachreiner_26-240x300.jpg 240w, https:\/\/picante.today\/portal\/wp-content\/uploads\/2022\/09\/Corey_Nachreiner_26-819x1024.jpg 819w, https:\/\/picante.today\/portal\/wp-content\/uploads\/2022\/09\/Corey_Nachreiner_26-768x960.jpg 768w, https:\/\/picante.today\/portal\/wp-content\/uploads\/2022\/09\/Corey_Nachreiner_26-1229x1536.jpg 1229w, https:\/\/picante.today\/portal\/wp-content\/uploads\/2022\/09\/Corey_Nachreiner_26-696x870.jpg 696w, https:\/\/picante.today\/portal\/wp-content\/uploads\/2022\/09\/Corey_Nachreiner_26-1068x1335.jpg 1068w, https:\/\/picante.today\/portal\/wp-content\/uploads\/2022\/09\/Corey_Nachreiner_26-336x420.jpg 336w\" sizes=\"(max-width: 1505px) 100vw, 1505px\" \/><\/p>\n<p style=\"font-weight: 400;\"><strong><em>The Emotet comeback continues as threat actors target SCADA 
systems<\/em><\/strong><\/p>\n<p style=\"font-weight: 400;\"><strong>28 September 2022<\/strong>: The latest\u00a0<a href=\"https:\/\/www.watchguard.com\/wgrd-resource-center\/security-report-q2-2022\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/www.watchguard.com\/wgrd-resource-center\/security-report-q2-2022&amp;source=gmail&amp;ust=1664447233261000&amp;usg=AOvVaw276RajjlBNKZ4I9V8o9AhD\">Internet Security Report<\/a>\u00a0from the WatchGuard Threat Lab shows a reduction in overall malware detections from the peaks seen in the first half of 2021, along with an increase in threats for Chrome and Microsoft Office and the ongoing Emotet botnet resurgence.<\/p>\n<p style=\"font-weight: 400;\">\u201cWhile overall malware attacks in Q2 fell off from the all-time highs seen in previous quarters, over 81% of detections came via TLS encrypted connections, continuing a worrisome upward trend,\u201d said Corey Nachreiner, Chief Security Officer at WatchGuard. \u201cThis could reflect threat actors shifting their tactics to rely on more elusive malware.\u201d<\/p>\n<p style=\"font-weight: 400;\">The Q2 Internet Security Report shows that Office exploits continue to spread more than any other category of malware. The quarter\u2019s top incident was the Follina Office exploit (CVE-2022-30190), which was first reported in April and not patched until late May. Delivered via a malicious document, Follina was able to circumvent Windows Protected View and Windows Defender and has been actively exploited by threat actors, including nation-states. Three other Office exploits (CVE-2018-0802, RTF-ObfsObjDat.Gen, and CVE-2017-11882) were widely detected in Germany and Greece.<\/p>\n<p style=\"font-weight: 400;\">WatchGuard researchers also found that endpoint detections of malware were down overall, but not equally. Despite a 20% decrease in total endpoint malware detections, malware exploiting browsers collectively increased by 23%, with Chrome seeing a 50% surge. 
One potential reason for the increase in Chrome detections is the persistence of various zero-day exploits. Scripts continued to account for the lion\u2019s share of endpoint detections (87%) in Q2.<\/p>\n<p style=\"font-weight: 400;\">Another key finding in the report is that the top 10 signatures accounted for more than 75% of network attack detections. This quarter saw increased targeting of ICS and SCADA systems that control industrial equipment and processes, including new signatures (WEB Directory Traversal -7 and WEB Directory Traversal -8). The two signatures are very similar; the first exploits a vulnerability first uncovered in 2012 in a specific SCADA interface software while the second is most widely detected in Germany.<\/p>\n<p style=\"font-weight: 400;\">WatchGuard also warns of a resurgent Emotet. While the volume has declined since last quarter, Emotet remains one of network security&#8217;s biggest threats. One of the quarter\u2019s top 10 overall and top 5 encrypted malware detections, XLM.Trojan.abracadabra \u2013 a Win Code injector that spreads the Emotet botnet \u2013 was widely seen in Japan.<\/p>\n<p style=\"font-weight: 400;\">WatchGuard\u2019s quarterly research reports are based on anonymized Firebox Feed data from active WatchGuard Fireboxes whose owners have opted to share data in direct support of the Threat Lab\u2019s research efforts. In Q2, WatchGuard blocked a total of more than 18.1 million malware variants (234 per device) and more than 4.2 million network threats (55 per device). 
The full report includes details on additional malware and network trends from Q2 2022, recommended security strategies, and critical defense tips for businesses of all sizes and in any sector.<\/p>\n<p style=\"font-weight: 400;\">For a detailed view of WatchGuard\u2019s research, read the complete Q2 2022 Internet Security Report\u00a0<a href=\"https:\/\/www.watchguard.com\/wgrd-resource-center\/security-report-q2-2022\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/www.watchguard.com\/wgrd-resource-center\/security-report-q2-2022&amp;source=gmail&amp;ust=1664447233261000&amp;usg=AOvVaw276RajjlBNKZ4I9V8o9AhD\">here<\/a>\u00a0or visit:\u00a0<a href=\"https:\/\/www.watchguard.com\/wgrd-resource-center\/security-report-q2-2022\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/www.watchguard.com\/wgrd-resource-center\/security-report-q2-2022&amp;source=gmail&amp;ust=1664447233261000&amp;usg=AOvVaw276RajjlBNKZ4I9V8o9AhD\">https:\/\/www.watchguard.com\/wgrd-resource-center\/security-report-q2-2022<\/a><\/p>\n<p style=\"font-weight: 400;\"><strong>About WatchGuard Technologies<\/strong><\/p>\n<p style=\"font-weight: 400;\">WatchGuard\u00ae Technologies, Inc. is a global leader in unified cybersecurity. Our\u00a0<a href=\"https:\/\/www.watchguard.com\/wgrd-solutions\/unified-security-platform\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/www.watchguard.com\/wgrd-solutions\/unified-security-platform&amp;source=gmail&amp;ust=1664447233261000&amp;usg=AOvVaw1aRCqw60o-5O-PsoyQ60eO\">Unified Security Platform\u00ae<\/a>\u00a0approach is uniquely designed for managed service providers to deliver world-class security that increases their business scale and velocity while also improving operational efficiency. 
Trusted by more than 17,000 security resellers and service providers to protect more than 250,000 customers, the company\u2019s award-winning products and services offer five critical elements of a security platform: comprehensive security, shared knowledge, clarity &amp; control, operational alignment, and automation. The company is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit\u00a0<a href=\"https:\/\/www.watchguard.com\/\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/www.watchguard.com\/&amp;source=gmail&amp;ust=1664447233261000&amp;usg=AOvVaw0HuXCepMjpfKsqLlpq22Iw\">WatchGuard.com<\/a>.<\/p>\n<p style=\"font-weight: 400;\">For additional information, promotions and updates, follow WatchGuard on Twitter (<a href=\"https:\/\/twitter.com\/watchguard\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/twitter.com\/watchguard&amp;source=gmail&amp;ust=1664447233261000&amp;usg=AOvVaw1yeR9oSrc9LAxe7_o1wVDt\">@WatchGuard<\/a>), on\u00a0<a href=\"https:\/\/www.facebook.com\/watchguardtechnologies\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/www.facebook.com\/watchguardtechnologies&amp;source=gmail&amp;ust=1664447233261000&amp;usg=AOvVaw3KFF1QByye9mwL7hE0SEAr\">Facebook<\/a>, or on the\u00a0<a href=\"http:\/\/www.linkedin.com\/company\/watchguard-technologies\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=http:\/\/www.linkedin.com\/company\/watchguard-technologies&amp;source=gmail&amp;ust=1664447233261000&amp;usg=AOvVaw0f8-MNisf7F5ZOBaAlyXaC\">LinkedIn Company<\/a>\u00a0page. 
Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at\u00a0<a href=\"http:\/\/www.secplicity.org\/\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=http:\/\/www.secplicity.org\/&amp;source=gmail&amp;ust=1664447233261000&amp;usg=AOvVaw1hxjOPSE3fgMvFQv6ijP_F\">www.secplicity.org<\/a>.\u00a0<a href=\"https:\/\/www.secplicity.org\/category\/the-443\/\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/www.secplicity.org\/category\/the-443\/&amp;source=gmail&amp;ust=1664447233261000&amp;usg=AOvVaw2TQc46TuGm0AQBXSzRTAIK\">Subscribe to The 443 \u2013 Security Simplified podcast<\/a>\u00a0at\u00a0<a href=\"http:\/\/www.secplicity.org\/\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=http:\/\/www.secplicity.org\/&amp;source=gmail&amp;ust=1664447233261000&amp;usg=AOvVaw1hxjOPSE3fgMvFQv6ijP_F\">Secplicity.org<\/a>, or wherever you find your favorite podcasts.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Emotet comeback continues as threat actors target SCADA systems 28 September 2022: The latest\u00a0Internet Security Report\u00a0from the WatchGuard Threat Lab shows a reduction in overall malware detections from the peaks seen in the first half of 2021, along with an increase in threats for Chrome and Microsoft Office and the ongoing Emotet botnet resurgence. 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":8047,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[109,6],"tags":[2143,2147,2145,2144,2142,2146],"class_list":{"0":"post-8043","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-it-security","8":"category-latest-news","9":"tag-hief-security-officer-at-watchguard","10":"tag-scada-interface-software","11":"tag-targeting-of-ics-and-scada-systems","12":"tag-the-q2-internet-security-report","13":"tag-watchguard-threat-lab","14":"tag-watchguards-research"},"_links":{"self":[{"href":"https:\/\/picante.today\/portal\/wp-json\/wp\/v2\/posts\/8043","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/picante.today\/portal\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/picante.today\/portal\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/picante.today\/portal\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/picante.today\/portal\/wp-json\/wp\/v2\/comments?post=8043"}],"version-history":[{"count":0,"href":"https:\/\/picante.today\/portal\/wp-json\/wp\/v2\/posts\/8043\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/picante.today\/portal\/wp-json\/wp\/v2\/media\/8047"}],"wp:attachment":[{"href":"https:\/\/picante.today\/portal\/wp-json\/wp\/v2\/media?parent=8043"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/picante.today\/portal\/wp-json\/wp\/v2\/categories?post=8043"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/picante.today\/portal\/wp-json\/wp\/v2\/tags?post=8043"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}