Report Highlights Surge in Endpoint Malware and Social Engineering Attacks

by Geny Caloisi

WatchGuard Technologies has released its latest Internet Security Report, analysing cyber threats observed by the WatchGuard Threat Lab during the third quarter of 2024. The findings highlight a 300% increase in endpoint malware detections, a resurgence of cryptomining malware, and a rise in social engineering tactics targeting legitimate web services and documents.

The report identifies a shift in attack strategies, with cybercriminals increasingly exploiting trusted platforms such as Microsoft OneNote and WordPress to distribute malware. Attackers have moved away from traditional Office macro-based attacks due to enhanced security measures, instead leveraging OneNote files to spread Qbot, a remote access trojan. WordPress plugin vulnerabilities have also become a target, enabling attackers to compromise websites and distribute malware disguised as legitimate updates.

Cryptomining malware has seen a resurgence, with attackers using compromised devices to mine cryptocurrencies. These infections often include additional malicious functions, expanding their impact beyond resource theft.

Evolving Threat Landscape

“Our Q3 2024 findings reveal a shift in traditional versus evasive malware threats,” said Corey Nachreiner, Chief Security Officer at WatchGuard Technologies. “The rapidly changing landscape underscores the need for layered cybersecurity solutions that can identify emerging threats in real time. Organisations should consider AI-powered threat detection to reduce breach risks and enhance traditional malware defences.”

Signature-based malware detections increased by 40% as attackers refined social engineering techniques. The EMEA region accounted for 53% of all malware incidents, doubling from the previous quarter, while the Asia Pacific region experienced the highest number of network attack detections at 59%.

Malware attack volume declined by 15% from the previous quarter, with fewer newly developed threats. Instead, attackers employed diverse methods to distribute existing malware strains. Only 20% of detected malware evaded signature-based defences, highlighting a temporary decline in zero-day threats.

While ransomware incidents continued to decrease, more ransomware operators were active in Q3 compared to Q2. Attackers repurposed known tactics rather than developing new ransomware methodologies.

Endpoint Malware Surge

The 300% increase in endpoint malware detections coincided with a 74% drop in threats blocked per 100,000 active machines. This trend suggests widespread, repetitive malware campaigns rather than an increase in sophisticated threats.

WatchGuard’s analysis is based on anonymised, aggregated threat intelligence from its network and endpoint security products, contributing to ongoing cybersecurity research efforts.

For further details, the full Internet Security Report is available at WatchGuard’s website.
