Wednesday, 31 March 2021 10:31

WatchGuard reports the ups and downs of malware


Security vendor WatchGuard Technologies' Internet Security Report for Q4 2020 shows fileless malware attack rates grew by nearly 900% while unique ransomware payloads plummeted by 48%.

Fileless malware rates in 2020 increased by 888% over 2019, according to WatchGuard.

One problem with fileless attacks is that they can evade detection by traditional endpoint protection products. Another is that all it takes to become a victim is visiting a malicious or compromised web page.

Once the malware is delivered, toolkits such as PowerSploit and CobaltStrike can be used to inject malicious code into legitimate processes, which will continue to run even if the script that delivered the code is detected and removed.

Applying endpoint detection and response alongside regular anti-malware products can help identify these threats.

Cryptocurrency prices have trended upwards, and cryptominer malware detections climbed more than 25% in 2020. 850 unique variants were detected during the year.

Double-digit growth was also seen in encrypted malware attacks. In the fourth quarter of 2020, 47% of all attacks detected by WatchGuard at the network perimeter were encrypted.

A new trojan – Trojan.Script.1026663 – found its way around email scanners and entered WatchGuard's list of the top five most-widespread malware detections in the same period. An email asks victims to review an order list attachment, but the malicious document triggers a series of payloads and malicious code that ultimately installs the Agent Tesla remote access trojan (RAT) and keylogger.

Botnet malware targeting IoT devices and routers is a growing issue. The Linux.Generic virus (aka The Moon) entered WatchGuard's list of top 10 malware detections. Linux-specific malware designed for ARM processors, together with another payload designed for MIPS processors, shows a clear attack on IoT devices.

Despite some well-publicised cases, ransomware attack volumes shrank for the second year running. The number of unique ransomware payloads also continued to fall, from a record 5,489 in 2018 to 4,131 in 2019 and 2,152 in 2020. Each variant may have infected hundreds or thousands of endpoints worldwide.

Most ransomware detections were against signatures implemented in 2017 to detect WannaCry and related variants.

The decline in volume reflects a shift from scattergun campaigns to highly targeted attacks against victims that are particularly sensitive to downtime, including healthcare organisations and manufacturing firms.

In 4Q20, WatchGuard appliances blocked more than 20.6 million malware variants (456 per device) and nearly 3.5 million network threats (77 detections per appliance).

"The rise in sophisticated, evasive threat tactics last quarter and throughout 2020 showcases how vital it is to implement layered, end-to-end security protections," said WatchGuard CTO Corey Nachreiner.

"The attacks are coming on all fronts, as cyber criminals increasingly leverage fileless malware, cryptominers, encrypted attacks and more, and target users both at remote locations as well as corporate assets behind the traditional network perimeter. Effective security today means prioritising endpoint detection and response, network defences and foundational precautions such as security awareness training and strict patch management."

WatchGuard's Q4 2020 Internet Security Report is available here.



Stephen Withers

Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.
