WatchGuard reveals Q2 2024 cyber threat trends report

WatchGuard Technologies has released its latest Internet Security Report, detailing significant trends observed in the realm of cybersecurity during the second quarter of 2024.

The report highlights that seven of the top ten malware threats during the period were new, indicating an adaptation of tactics by cybercriminals. Among these new threats is Lumma Stealer, a sophisticated malware designed to extract sensitive data from compromised systems. Additionally, a variant of the Mirai Botnet, known for infecting smart devices to create remotely controlled bots, and LokiBot malware targeting Windows and Android devices to steal credentials, were also identified.

The report also shed light on a novel method employed by cybercriminals, termed "EtherHiding," which embeds malicious PowerShell scripts within blockchains such as Binance Smart Contracts. These scripts appear via fake error messages on compromised websites, urging victims to "update their browser." The threat posed by this method is long-lasting, as it utilises the immutable nature of blockchains to persist malicious content.

Corey Nachreiner, Chief Security Officer at WatchGuard Technologies, outlined the habitual patterns of attackers in targeting specific vulnerabilities. "The latest findings in the Q2 2024 Internet Security Report reflect how threat actors tend to fall into patterns of behaviour, with certain attack techniques becoming trendy and dominant in waves," he stated.

Nachreiner also stressed the importance of regular software updates and patches to address security vulnerabilities, suggesting that a defence-in-depth approach, particularly through a managed service provider, is essential for effective security management.

Additional insights from the Q2 report included a 24% reduction in malware detections overall, attributed to a significant 35% decline in signature-based detections. However, this was offset by a notable 168% increase in detections of evasive malware, identified by the Threat Lab's advanced behavioural analysis engine.

Network attacks were recorded to have risen by 33% worldwide from the previous quarter. Notably, the Asia Pacific region was responsible for 56% of all detected network attacks, a figure more than double the previous quarter's tally.

Another significant finding in the report was that an NGINX vulnerability first discovered in 2019 ranked as the leading network attack by volume in Q2 2024, comprising roughly 29% of the total network attack detections. This amounted to approximately 724,000 instances across the United States, EMEA, and the Asia Pacific regions.

The report also noted the prominence of the Fuzzbunch hacking toolkit as the second-most detected endpoint malware threat by volume. Stolen in an attack against an NSA contractor in 2016, this tool serves as an open-source framework used to compromise Windows operating systems.

Chromium-based browsers such as Google Chrome, Microsoft Edge, and Brave were the targets for 74% of browser-initiated endpoint malware attacks. An increase in phishing activities was also observed, with trojan.html.hidden.1.gen detected as the fourth most widespread malware variant, primarily associated with phishing attacks that extract credentials and send them to attacker-controlled servers. Notably, this particular signature was observed targeting individuals at Valdosta State University in Georgia.

The report, consistent with WatchGuard's unified security platform methodology, utilises anonymised and aggregated threat intelligence sourced directly from the company's network and endpoint products. This data maps out a picture of the current threat landscape, emphasizing the need for comprehensive security strategies in countering evolving cyber threats.