The number of detected malware is on the decline, experts have said, but it’s still too early to celebrate.
WatchGuard Technologies’ Internet Security Report states there has been a reduction in overall malware detections from the peaks seen in the first half of 2021.
According to the report, endpoint detection were down overall by 20%.
Follina wreaking havoc
While on its own, this might seem like a good thing, there’s more to it than meets the eye: “While overall malware attacks in Q2 fell off from the all-time highs seen in previous quarters, over 81% of detections came via TLS encrypted connections, continuing a worrisome upward trend,” said Corey Nachreiner, Chief Security Officer at WatchGuard. “This could reflect threat actors shifting their tactics to rely on more elusive malware.”
Furthermore, the researchers claim to have registered an increase in threats for Chrome and Microsoft Office. The top incident for the quarter was the Follina Office exploit, a flaw that allowed threat actors to run malicious code remotely, needing nothing but minimal interaction from the victim. Allegedly, everyone from crooks looking for a quick buck, to nation-state actors, have been using Follina, and are probably using it today against non-patched endpoints.
At the same time, malware exploiting browsers is up by almost a quarter (23%). Chrome’s had it worse, experiencing a 50% surge. Most detections (87%) for the quarter went on malicious scripts.
Finally, WatchGuard believes we shouldn’t be dropping our guard against the dreaded Emotet. While its volume declined since last quarter, it remains “one of network security’s biggest threats”.
One of the top 10 overall and top five encrypted malware detections for the quarter was XLM.Trojan.abracadabra, a Win Code injector spreading Emotet, and this one was “widely seen” in Japan, the researchers concluded.