SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
WatchGuard reveals rise in remote access software exploits
Thu, 7th Dec 2023

WatchGuard Technologies, a leading provider of unified cybersecurity, has released their latest Internet Security Report that reveals a rise in cyber actors exploiting remote access software, increases in the use of password-stealers and info-stealers, and an 89% expansion in endpoint ransomware attacks.

The report, compiled by WatchGuard Threat Lab researchers, also found a decline in malware arriving over encrypted connections. Additionally, the study shows that cyber threat actors are pivoting from script-based methods to other 'living-off-the-land' techniques to launch endpoint attacks.

According to Corey Nachreiner, the Chief Security Officer at WatchGuard, the continued evolution of attack methods necessitates heightened attention to recent tactics for businesses to reinforce their security strategies. He emphasised the importance of social engineering education in conjunction with a unified security approach incorporating layered defence strategies, all of which can be effectively managed by service providers.

The Internet Security Report for Q3 2023 highlighted several notable key points. For instance, cyber attackers increasingly use remote management tools and software to circumvent anti-malware detection. An example provided by the report notes a tech support scam resulting in the user downloading an unauthorised version of TeamViewer, allowing the attacker full remote access to the computer.

Q3 of 2023 also saw the variant 'Medusa' surge, driving a quarter-to-quarter increase of 89% in endpoint ransomware attacks. In response to heightened protections around PowerShell and other scripting, threat actors instead pivoted to utilising different 'living-off-the-land' techniques. Malware arrival via encrypted connections declined to 48%, yet total malware detections rose by 14%.

The report also reveals the increase of 'commoditised malware'. A new malware family, Lazy.360502, emerged in the top ten list, proving to be a dual threat as it delivers an adware variant (2345explorer) as well as the Vidar password stealer. The increased use of this malware, supplied by a Chinese website, indicates a growing trend towards 'password-stealer-as-a-service'.

Overall, the volume of network attacks jumped 16% in Q3. ProxyLogon was the most targeted vulnerability in these attacks, accounting for 10% of all network detections. Three past vulnerabilities also surprisingly emerged in the top 50 network attacks included in this report.

The valuable insights and granular data provided in WatchGuard's Q3 2023 Internet Security Report underscore the ever-evolving tactics of threat actors and the crucial need for robust, unified cybersecurity measures and constant vigilance by organisations.