Cybercriminals turn to stealth to bypass malware detection

A new report reveals a 40 percent quarter-over-quarter increase in evasive, advanced malware. The data highlights encrypted channels as adversaries' favored attack vector, with malware delivered over Transport Layer Security (TLS), the encryption protocol behind most secure web traffic.

The study from WatchGuard Technologies, which provides cybersecurity for MSPs, shows 70 percent of all malware is now delivered via encrypted connections. The findings highlight attackers’ increasing reliance on obfuscation and stealth, and the need for organizations to improve visibility into encrypted traffic and adopt flexible protection strategies.

The WatchGuard Threat Lab has also observed a slight rise in network attacks, increasing by 8.3 percent. At the same time, the diversity of attacks has narrowed, with 380 unique signatures triggered compared to 412 last quarter.

Among other findings, new, unique malware threats have risen 26 percent, showing how common packing encryption, a type of malware evasion, is among threat actors. These polymorphic threats evade signature-based detection, driving higher hit numbers for WatchGuard’s advanced services such as APT Blocker (Advanced Persistent Threat Blocker) and IntelligentAV.

Ransomware declined by 47 percent over the period, reflecting a shift toward fewer but more impactful attacks on high-profile targets that result in larger consequences. Network malware has been dominated by droppers, with seven of the top ten detections being first-stage payloads, including Trojan.VBA.Agent.BIZ and credential stealer PonyStealer, exploiting user-enabled macros for initial compromise.

Zero-day malware continues to dominate, making up over 76 percent of all detections and nearly 90 percent of encrypted malware. These findings underscore the need for advanced detection capabilities beyond signatures, particularly for threats concealed within TLS traffic.

“Across Q2, the report’s findings point to a rise in evasive malware over encrypted channels as attackers work hard to bypass detection and maximize impact,” says Corey Nachreiner, chief security officer at WatchGuard Technologies. “For resource-constrained MSPs and lean IT teams, this shift means the real challenge is adapting quickly with powerful measures. Consistent patching, proven defenses, and advanced detection and response technologies that can act quickly remain the most effective countermeasures to mitigate these threats.”

The full report is available from the WatchGuard site.

Image credit: Olenasvetlychna/Dreamstime.com
