WatchGuard Internet Security Insights Q4, 2023
The latest WatchGuard Internet Security Insights report is out for Q4, 2023. Highlights of this report include:
- Total network-based malware detections increased by around 80%, with sophisticated/evasive malware detected by APT Blocker up 37%. Malware detected by machine-learning methods rose 196%.
- 55% of malware was hiding behind encryption (TLS). 60% was zero-day malware that evades signature-based detection.
- Two of the top 5 most widespread malware variants (JS.Agent.USF and Trojan.GenericKD) redirect to the DarkGate malware network.
- Network attacks overall decreased 10% quarter-over-quarter, but unique network attacks rose nearly 16%.
- ProxyLogon, a critical Microsoft Exchange vulnerability, remains one of the top exploited attacks. 4 of the top 5 network vulnerabilities target Microsoft software.
- Endpoint protection products blocked 108 unique malware variants per 100k machines, continuing a decline from Q3. Endpoint ransomware attacks decreased about 19.7%.
- Cyberattack commoditization continues trending toward “malware-as-a-service” offerings like Glupteba.
- Malicious scripts remain the most prevalent malware delivery vector, especially PowerShell and JavaScript.
- Malicious SharePoint subdomains have returned as a top malicious link type, along with malvertising links and compromised WordPress sites.
While some metrics like endpoint malware and ransomware decreased, sophisticated network-based malware and unique attack varieties increased significantly, with encryption and zero-day threats posing major challenges. Commoditized attacks also remain prevalent. Be sure to check out the infographic below and download the full report here.