Thursday, April 18

Encrypted malware increases in the second quarter


Emotet’s comeback continues as threat actors target SCADA systems. At the same time, overall malware volume is down, the share of malware delivered over encrypted connections is up, and Office vulnerabilities are being actively exploited.

All of this is highlighted in WatchGuard Technologies’ Internet Security Report, which also details the top trends in malware and network security threats in Q2 2022.

“Although malware attacks overall in Q2 were down from the all-time highs seen in previous quarters, more than 81% of detections occurred over TLS-encrypted connections, continuing a worrying upward trend,” notes Corey Nachreiner, CSO of WatchGuard.

Malware and network security threats

Key takeaways from the data include a decline in overall malware detections from spikes seen in the first half of 2021, an increase in threats to Chrome and Microsoft Office, a resurgence of the Emotet botnet, and more.

Other key findings of the Internet Security Report for the second quarter are the following:

  • Office exploits continue to spread more than any other category of malware. The biggest incident of the quarter was the Follina Office exploit (CVE-2022-30190), which was first reported in April and was not patched until the end of May. Distributed via a malicious document, Follina was able to bypass Windows Protected View and Windows Defender and has been actively exploited by threat actors, including nation-states. Three other Office exploit signatures (CVE-2018-0802, RTF-ObfsObjDat.Gen, and CVE-2017-11882) were widely detected in Germany and Greece.


  • Endpoint malware detections were down overall, but not evenly across categories. Despite a 20% drop in total endpoint malware detections, malware exploiting browsers collectively increased by 23%, with Chrome up 50%. One possible reason for the increase in Chrome detections is the persistence of various zero-day exploits. Scripts continued to account for the largest share of endpoint detections (87%) in Q2.
  • The top 10 signatures accounted for more than 75% of network attack detections. This quarter saw an increase in attacks on the ICS and SCADA systems that control industrial equipment and processes, including two new signatures (WEB Directory Traversal -7 and WEB Directory Traversal -8). The two signatures are very similar: the former targets a vulnerability first disclosed in 2012 in a specific SCADA interface product, while the latter was the one most frequently detected in Germany.
  • The resurgence of Emotet is noticeable. Although Emotet volume has decreased since last quarter, Emotet remains one of the biggest threats to network security. XLM.Trojan.abracadabra, a Win code injector that spreads the Emotet botnet, was among the top 10 most-detected malware of the quarter and among the top 5 encrypted malware detections.
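The directory-traversal signatures above match requests whose path climbs out of the web root, including encoded variants that a naive search for "../" would miss. The following detector is an added example, not WatchGuard code and not a reproduction of its signatures: it canonicalizes each request path (repeated URL-decoding, backslash-to-slash), walks the path segments, and flags any request that escapes the document root. The access-log lines are constructed for illustration.

```python
"""Directory-traversal detector run over constructed web-server log lines.

Added example; not WatchGuard code. The sample log below is constructed
for illustration and the IPs and paths are made up.
"""
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Combined Log Format, trimmed).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jun/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.7 - - [01/Jun/2022:10:00:02 +0000] "GET /scada/../../../../etc/passwd HTTP/1.1" 404 0
10.0.0.7 - - [01/Jun/2022:10:00:03 +0000] "GET /scada/%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 404 0
10.0.0.9 - - [01/Jun/2022:10:00:04 +0000] "GET /hmi/%252e%252e%255c%252e%252e%255cwindows%255cwin.ini HTTP/1.1" 200 92
10.0.0.5 - - [01/Jun/2022:10:00:05 +0000] "GET /images/a..b/logo.png HTTP/1.1" 200 4096
"""

# Pulls method and path out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def canonicalize(path: str) -> str:
    """Strip the query string, undo repeated URL-encoding (double and
    triple encoding are common evasions) and map backslashes to slashes
    so Windows-style traversal is judged the same way as POSIX-style."""
    decoded = path.split("?", 1)[0]
    for _ in range(3):
        new = unquote(decoded)
        if new == decoded:
            break
        decoded = new
    return decoded.replace("\\", "/")


def escapes_root(path: str) -> bool:
    """True if the canonical path climbs above the document root.

    Walking the segments (rather than grepping for "..") means a
    filename such as "a..b" is not a false positive, while "../.." that
    only returns to the root is only flagged once it goes past it."""
    depth = 0
    for seg in canonicalize(path).split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != ".":
            depth += 1
    return False


def scan_log(log_text: str) -> list[dict]:
    """Return one finding per request whose path escapes the web root."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = m.group("path")
        if escapes_root(path):
            findings.append({
                "client": line.split(" ", 1)[0],
                "path": path,
                "canonical": canonicalize(path),
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['client']}: {f['path']} -> {f['canonical']}")
```

Run against the sample, the three traversal attempts (plain, single-encoded, and double-encoded with backslashes) are flagged and the two benign requests are not. A real deployment would also decode UTF-8 overlong sequences and Unicode dot look-alikes before the segment walk; those are left out here to keep the canonicalization step readable.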