
WatchGuard finds malware volume decreased in Q2, but warns Emotet is resurging

The network security company also underlined that Microsoft Office exploits continue to spread more than any other category of malware

A new report shows there’s been a reduction in overall malware detections from the peaks seen in the first half of 2021, although there’s been an ongoing Emotet botnet resurgence.

Microsoft Office exploits continue to spread more than any other category of malware, according to WatchGuard Threat Lab’s Q2 Internet Security Report. The quarter’s top incident was the Follina Office exploit, first reported in April but not patched until late May. Delivered via a malicious document, Follina was able to circumvent Windows Protected View and Windows Defender and has been actively exploited by threat actors, including nation states, the report stated.

Researchers also found that endpoint detections of malware were down overall, but not equally. Despite a 20% decrease in total endpoint malware detections, malware exploiting browsers collectively increased by 23%, with Chrome seeing a 50% surge. WatchGuard found that one potential reason for the increase in Chrome detections is the persistence of various zero-day exploits. Scripts continued to account for the lion’s share of endpoint detections (87%) in Q2. Additionally, network-based malware detections dropped 15.7% quarter over quarter. This includes drops in both basic malware and evasive or zero-day malware.

The network security company also warned of a resurgent Emotet. Although the volume has declined since last quarter, Emotet remains one of network security’s biggest threats. One of the quarter’s top 10 overall and top 5 encrypted malware detections, XLM.Trojan.abracadabra – a Win Code injector that spreads the Emotet botnet – was widely seen in Japan.

“While overall malware attacks in Q2 fell off from the all-time highs seen in previous quarters, over 81% of detections came via TLS encrypted connections, continuing a worrisome upward trend,” said Corey Nachreiner, chief security officer at WatchGuard. “This could reflect threat actors shifting their tactics to rely on more elusive malware.”


The report also found that the top 10 code signatures accounted for over 75% of network attack detections. The quarter saw increased targeting of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems that control industrial equipment and processes, as well as new signatures like WEB Directory Traversal -7 and WEB Directory Traversal -8. The two new signatures are similar: the first matches attacks exploiting a vulnerability first uncovered in 2012 in a specific SCADA interface software, while the second is most widely detected in Germany.
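The directory traversal signatures named above match attack traffic on the wire. The following is an added example, not WatchGuard's signature logic and not code from the report, of the same idea applied by a defender to web server access logs after the fact: it URL-decodes each request target (including double-encoded forms), then flags any path or query parameter whose `..` segments climb above the web root, while leaving ordinary relative navigation such as `/a/b/../c` alone. The log lines, IP addresses and parameter names are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache/nginx combined-log style (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jun/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.7 - - [01/Jun/2022:10:00:02 +0000] "GET /scada/ui/../../../../etc/passwd HTTP/1.1" 404 0
10.0.0.8 - - [01/Jun/2022:10:00:03 +0000] "GET /cgi-bin/view?file=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1024
10.0.0.9 - - [01/Jun/2022:10:00:04 +0000] "GET /docs/%2e%2e/%2e%2e/win.ini HTTP/1.1" 200 92
10.0.0.10 - - [01/Jun/2022:10:00:05 +0000] "GET /files/%252e%252e/%252e%252e/boot.ini HTTP/1.1" 200 80
10.0.0.3 - - [01/Jun/2022:10:00:06 +0000] "GET /assets/app..js HTTP/1.1" 200 300
10.0.0.4 - - [01/Jun/2022:10:00:07 +0000] "GET /a/b/../c HTTP/1.1" 200 10
"""

# Minimal parser for the fields this check needs: client IP, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_target(target, rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded '..' is not missed."""
    prev = target
    for _ in range(rounds):
        cur = unquote(prev)
        if cur == prev:
            break
        prev = cur
    return prev


def escapes_root(path_like):
    """Walk the segments of a path; True if '..' ever climbs above its start.

    Both '/' and '\\' count as separators so Windows-style attempts are covered.
    A segment such as 'app..js' is not '..' and is ignored.
    """
    depth = 0
    for seg in re.split(r'[/\\]+', path_like):
        if seg == '..':
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != '.':
            depth += 1
    return False


def analyze_target(target):
    """Return a list of human-readable reasons the request target looks like traversal."""
    decoded = decode_target(target)
    path, _, query = decoded.partition('?')
    reasons = []
    if escapes_root(path):
        reasons.append('path escapes web root')
    for param in filter(None, query.split('&')):
        name, _, value = param.partition('=')
        if escapes_root(value):
            reasons.append(f'parameter {name!r} escapes its base directory')
    # Only worth mentioning when traversal was found: double encoding on its own is not an attack.
    if reasons and decoded != unquote(target):
        reasons.append('multiple layers of URL encoding')
    return reasons


def scan_log(text):
    """Scan combined-format log text and return one finding per suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = analyze_target(m['target'])
        if reasons:
            findings.append({
                'ip': m['ip'],
                'target': m['target'],
                'status': int(m['status']),
                # A 200 with a body is the case to escalate; a 404 is an attempt that failed.
                'likely_success': m['status'] == '200',
                'reasons': reasons,
            })
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']:<10} {f['status']} {'HIT ' if f['likely_success'] else 'miss'} "
              f"{f['target']}  <- {'; '.join(f['reasons'])}")
```

The depth-counter check is deliberately stricter than a substring match on `..`: it distinguishes a request that merely navigates within the document tree from one that tries to leave it, which keeps the false-positive rate low enough to alert on. In practice the same logic runs over the decoded target a WAF or IDS sees, and the status code is what separates a probe from a likely successful read.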

WatchGuard also shared that in Q2 it blocked a total of more than 18.1 million malware variants and more than 4.2 million network threats. Europe, the Middle East, and Africa (EMEA) was also the most targeted region, receiving 52% of malware hits. The remainder was split between the Americas and the Asia Pacific, with APAC receiving slightly more.
