WatchGuard Threat Lab Report finds 300% increase in endpoint malware

Other key findings include a resurgence of cryptomining malware, an increase in signature-based and social engineering attacks, and increased malware attacks across EMEA.

  • Thursday, 20th February 2025, posted by Phil Alsop

WatchGuard Technologies has released the findings of its latest Internet Security Report, a quarterly analysis detailing the top malware, network, and endpoint security threats observed by the WatchGuard Threat Lab researchers during the third quarter of 2024.

The report’s key findings include a 300% quarter-over-quarter increase in endpoint malware detections, highlighted by growing threats that exploit legitimate websites or documents for malicious purposes as threat actors turn to more social engineering tactics to execute their attacks. While Microsoft documents like Word and Excel have long been targets for deceiving users into downloading malicious software, strict anti-macro protections on Word, Excel, and PowerPoint Office files have led attackers to use OneNote files to deliver Qbot (a remote access botnet trojan). Another top threat that exploits legitimate services is a set of new attacks on WordPress plug-in vulnerabilities. Threat actors exploit these vulnerabilities to gain control over websites and leverage their reputation to host malicious downloads like SocGholish, which deceives users with false prompts to update their browsers and then executes malware. WordPress hosts more than 488.6 million websites worldwide, which comprise 43% of all websites on the Internet.

The Threat Lab also observed a rise in threat actors utilising cryptominers this quarter, many of which were capable of additional malicious behaviours. Cryptominers are malware that hides on the user’s device and steals its computing resources to mine for online currencies such as Bitcoin. As cryptocurrency rises again in value and popularity, cryptomining malware is also regaining popularity.

“The findings from our Q3 2024 Internet Security Report demonstrated a dramatic shift in traditional versus evasive malware threats,” said Corey Nachreiner, chief security officer of WatchGuard Technologies. “These findings illustrate how quickly the threat landscape can evolve, so it's important to utilise full, defense-in-depth cybersecurity solutions that can quickly catch old threats and adapt to new ones in real-time. Organisations of all sizes should consider adopting AI-powered threat detection to spot unexpected traffic patterns and reduce dwell time, ultimately reducing the cost of a breach but also maintaining their traditional antimalware controls too.”

Additional key findings from WatchGuard’s Q3 2024 Internet Security Report include:

• This quarter, signature-based detections increased by 40% as threat actors turned to more social engineering tactics to execute their attacks. This growth underscores the rising prevalence of traditional malware as attackers refine their strategies to exploit legacy systems or widespread vulnerabilities.

• EMEA accounted for 53% of all malware attacks by volume, doubling from the previous quarter. Meanwhile, the Asia Pacific region accounted for the most network attack detections, with 59% targeting the area.

• Malware attacks declined by 15% from the previous quarter. The Threat Lab’s findings also demonstrate that attackers created less new or unique malware than in prior quarters but are using a wider breadth of malware techniques instead to infect devices.

• Only 20% of malware detections evaded signature-based detection methods. This was a significant departure from normal for what we call “zero-day malware,” which requires more proactive techniques to catch.

• While ransomware continued to trend downward in recent quarters, Threat Lab data shows more ransomware operators this quarter than in Q2 of 2024. Threat actors used a wider range of existing tactics to deliver ransomware rather than creating new attack avenues.

• Endpoint malware detections were up significantly this quarter with a 300% increase compared to Q2. This increase was coupled with a 74% decrease in threats blocked per 100k active machines, suggesting a flood of homogenous spam-like malware arriving on endpoints, likely separate malware campaigns with the same payload.

Consistent with WatchGuard’s Unified Security Platform® approach and the WatchGuard Threat Lab’s previous quarterly research updates, the data analysed in this quarterly report is based on anonymised, aggregated threat intelligence from active WatchGuard network and endpoint products whose owners have opted to share in direct support of WatchGuard’s research efforts.
