After consecutive quarters of more than 20% growth, WatchGuard’s Intrusion Prevention Service (IPS) detected roughly 4.1 million unique network exploits in Q3. The drop of 21% brought volumes down to Q1 levels, which were still high compared to the previous year. Learn more in the Q3 Internet Security Report.

WatchGuard Threat Lab Reports Endpoint Malware and Ransomware Volume Already Exceeded 2020 Totals by End of Q3 2021

Scripting attacks on endpoints set record pace, the majority of network attacks targeted the Americas, and encrypted connections are becoming the primary delivery mechanism for zero-day malware.
Scripting attacks on endpoints set record pace, the majority of network attacks targeted the Americas, and encrypted connections are becoming the primary delivery mechanism for zero-day malware

 

SEATTLE – January 19, 2022 – WatchGuard® Technologies, a global leader in network security and intelligence, advanced endpoint protection, multi-factor authentication (MFA), and secure Wi-Fi, today released its latest quarterly Internet Security Report, highlighting the top malware trends and network security threats for Q3 2021, as analyzed by WatchGuard Threat Lab researchers. The data indicates that while total perimeter malware detection volume decreased from the highs reached in the previous quarter, endpoint malware detections have already surpassed the total volume seen in 2020 (with Q4 2021 data yet to be reported). In addition, a significant percentage of malware continues to arrive over encrypted connections, continuing the trend from previous quarters.

“While the total volume of network attacks shrank slightly in Q3, malware per device was up for the first time since the pandemic began,” said Corey Nachreiner, chief security officer at WatchGuard. “Looking at the year so far as a whole, the security environment continues to be challenging. It’s important that organizations go beyond the short-term ups and downs and seasonality of specific metrics, and focus on persistent and concerning trends factoring into their security posture. An important example is the accelerating use of encrypted connections to deliver zero days. We continue to believe that the WatchGuard Unified Security Platform offers the best comprehensive protection for combatting the variety of threats organizations face today.” 

Nearly half of zero-day malware is now delivered via encrypted connections – While the total amount of zero-day malware increased by a modest 3% to 67.2% in Q3, the percentage of malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. A lower percentage of encrypted zero-days are considered advanced, but it is still concerning given that WatchGuard’s data shows that many organizations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks.