While new research shows a decrease in total perimeter malware detection volume in the third quarter from the record highs in the second quarter, there was still more malware activity through the first three quarters than in all of 2020.
The report from endpoint protection provider WatchGuard Technologies also found that nearly half of zero-day malware is now delivered via encrypted connections, with Transport Layer Security (TLS)-delivered malware jumping from 31.6% to 47%.
This suggests that many organizations aren’t decrypting these connections and have poor visibility into the amount of malware hitting their networks.
The report also sheds light on new attack vectors as users upgrade to new versions of Microsoft Windows and Office, with attackers focusing on new vulnerabilities while still leveraging older, unpatched bugs.
A 2018 vulnerability in the Equation Editor in Microsoft Office made the company’s list of the top 10 gateway antivirus malware by volume, landing in 6th place.
The company also cited two Windows code injectors (Win32/Heim.D and Win32/Heri) as being among the most detected gateway antivirus malware.
The report also confirms the increasing proliferation of ransomware, finding that ransomware attacks are on pace to reach 150% of 2020 volume when full-year data becomes available.
According to WatchGuard, scripting attacks on endpoints also continued at a record pace, with the company seeing 10% more attack scripts than in all of 2020 by the end of the third quarter.
In a statement, Corey Nachreiner, chief security officer at WatchGuard, said that despite the drop in network attacks in the third quarter, malware per device was up for the first time since the pandemic began.
The report found that WatchGuard blocked a total of more than 16.6 million malware variants in the quarter, which comes out to 454 per device, an increase from the 438 per device in the second quarter.
“Looking at the year so far as a whole, the security environment continues to be challenging,” he said. “It’s important that organizations go beyond the short-term ups and downs and seasonality of specific metrics, and focus on persistent and concerning trends factoring into their security posture.”