WatchGuard Report: Malware Decreases but Encrypted Malware Up in Q2 2022
Overall malware detections from the peaks seen in the first half of 2021 have decreased in the second quarter of 2022, but there was an increase in encrypted malware and threats targeting Chrome and Microsoft Office.
The figures come from a report published by WatchGuard earlier today and shared with Infosecurity Magazine.
“While overall malware attacks in Q2 fell off from the all–time highs seen in previous quarters, over 81% of detections came via TLS encrypted connections, continuing a worrisome upward trend,” said Corey Nachreiner, chief security officer at WatchGuard. “This could reflect threat actors shifting their tactics to rely on more elusive malware.”
According to the report, the quarter’s top threat was the Follina Office vulnerability (tracked CVE–2022–30190), which was first reported in April and patched only in late May. Campaigns exploiting Follina were later attributed to state actors by Proofpoint researchers.
Three other Office–based exploits (CVE–2018–0802, RTF–ObfsObjDat.Gen and CVE–2017–11882) were also widely detected in Germany and Greece.
Further, the WatchGuard report suggests that despite a 20% decrease in total endpoint malware detections, malware exploiting browsers collectively increased by 23%, with Chrome seeing a 50% surge.
In terms of attacks targeting OT infrastructures, WatchGuard said the top 10 signatures accounted for more than 75% of network attack detections amid increased targeting of ICS and SCADA systems.
Finally, the security report notes a resurgence of the Emotet malware, confirming figures from an August report by Check Point Research (CPR) and calling it “one of network security’s biggest threats.”
Beyond the threats mentioned above, the document includes details on additional malware and network trends from Q2 2022, alongside recommended security strategies, critical defense tips and more.
WatchGuard’s latest Internet Security Report is based on anonymized Firebox Feed data from active WatchGuard Fireboxes whose owners have directly opted to share data in support of the threat lab’s research efforts.