The data leave no doubt: unique malware detections increased by 171% compared to the previous quarter, the largest growth ever recorded by the WatchGuard Threat Lab team. Especially worrying is the rise of zero-day malware, specifically designed to evade signature-based security systems.
Attackers, meanwhile, are changing their strategy, betting on obfuscation, encryption and artificial intelligence. The latest WatchGuard Technologies Internet Security Report reveals an unprecedented increase in the threats detected on the network, at endpoints and over encrypted connections during the first quarter of the year. It is a landscape in which traditional defenses are no longer enough.
Machine learning-based technology, however, has become a key ally against these new threats. WatchGuard's IntelligentAV (IAV) solution, based on machine learning, increased its proactive detections by 323%, which highlights its role against the most advanced and obfuscated malware. A 30% increase in attacks intercepted by Gateway AntiVirus (GAV) and an 11-point rise in threats delivered over encrypted connections using TLS were also observed.
"Attackers are using AI tools to launch increasingly precise and automated phishing campaigns. The artificial intelligence war has already begun," says Corey Nachreiner, Chief Security Officer at WatchGuard.
Endpoints under siege
One of the most striking figures in the report is the 712% growth in malware threats detected on endpoints. After three quarters of decline, this figure marks a radical change in the cybercriminals' approach. In this area, the most common threat was LSASS Dumper, a tool used to steal credentials and escalate privileges through direct manipulation of the operating system.
The report also confirms the transformation of ransomware. Although its presence has decreased by 85%, its payload is still very much present, with variants such as Termite ransomware. Instead of encrypting files, attackers now prefer to exfiltrate confidential information, aware that many organizations have increasingly effective backup systems.
Goodbye to scripts, hello to LOTL
Historically, scripts have been one of the most used vectors for attacking endpoints. However, this quarter their use was cut in half, while living-off-the-land (LOTL) techniques, which take advantage of legitimate Windows tools to execute malicious code without raising suspicion, are on the rise. This type of threat grew 18% in the period analyzed.
One of the most sophisticated threats identified was a trojan. WatchGuard recommends that organizations reinforce their TLS inspection policies, incorporate behavior analysis and invest in advanced endpoint protection.
More local threats, fewer new exploits
The most widespread malware of the quarter was Application.Cashback.b.0835E4A4, which reached very high prevalence levels in countries such as Chile (76%) and Ireland (65%). This geographical pattern underlines the need to implement defenses tailored to each region.
On the other hand, the number of unique network signatures detected dropped 16%, indicating that attackers are reusing old exploits, trusting that organizations have not yet patched already known vulnerabilities.
AI on both sides
A conclusion that runs through the entire report is the growing role that artificial intelligence plays both on offense and in defense. While cybercriminals use it to create more credible and automated phishing campaigns, solutions based on AI and machine learning are also significantly improving detection capacity at the perimeter and on the endpoint.
As Nachreiner concludes: "Organizations must adopt robust, adaptive security solutions with total visibility if they want to stay ahead of the new AI-driven risks."
