Content, Content, Malware, Ransomware, Threat Intelligence

Record-Breaking Year for Ransomware Attacks, WatchGuard Research Predicts

A “massive explosion” in ransomware detections in the first quarter of 2022 should prompt organizations globally to double down on their cybersecurity efforts.

So, MSSPs and MSPs take note. You’re expertise is needed now more than ever.

In fact, the quarterly Internet Security Report from WatchGuard Technologies, released June 28, warns that although ransomware attacks have been trending down year-over-year, the number of them detected in the first quarter of 2022 has already doubled the detections during all of 2021.

Corey Nachreiner, chief security officer at WatchGuard, sounds the alarm:

“Based on the early spike in ransomware this year and data from previous quarters, we predict 2022 will break our record for annual ransomware detections. We continue to urge companies to not only commit to implementing simple but critically important measures, but also to adopt a true, unified security approach that can adapt quickly and efficiently to growing and evolving threats.”

Adding fuel to the fire, the report notes that the Emotet botnet is coming back in a big way, the infamous Log4Shell vulnerability is tripling its attack efforts and malicious cryptomining activity is growing.

To follow are more key findings from the WatchGuard report.

LAPSUS$ Emerges After REvil’s Downfall

The downfall of the infamous REvil cybergang in late 2021 apparently opened the door for the emergence of the LAPSUS$ extortion group, WatchGuard reports. LAPSUS$, the first known ransomware written in the Rust programming language, could be contributing to an ever-increasing ransomware and cyber-extortion threat landscape.

Log4Shell Debuts on the Top 10 Network Attacks List

The infamous Apache Log4j2 vulnerability, a.k.a. Log4Shell, made the top 10 network attack list late in the first quarter of 2022. Highlighted as the top security incident in WatchGuard’s previous Internet Security Report, Log4Shell scored a perfect 10 on the Common Vulnerability Scoring System (CVSS).

Emotet’s Comeback Tour Continues

Emotet accounts for three of the top 10 detections and was the leading widespread malware in the first quarter of 2022. Detections of Trojan.Vita heavily targeted Japan and appeared in the top five encrypted malware list. Also related to Emotet, MSIL.Mensa.4 malware can spread over connected storage devices and to mostly targeted networks in the US.

PowerShell Scripts Endpoint Attacks Surge

Endpoint detections in the first quarter were up about 38% from the previous quarter, with PowerShell scripts dominating attacks. Accounting for 88% of all detections, scripts single-handedly pushed higher the number of overall endpoint detections.

Legitimate Cryptomining Operations Attract Malicious Activity

Three additions to the top malware domains list in the first quarter were related to Nanopool, a platform that aggregates cryptocurrency mining. Connections to these mining pools almost always originate in a business or education network from malware infections versus legitimate mining operations.

Businesses Face a Wide Range of Unique Network Attacks

The top 10 IPS signatures accounted for 87% of all network attacks, as unique detections reached their highest count since the first quarter of 2019. Automated attacks are apparently focusing on a smaller subset of potential exploits rather than trying everything in the kitchen sink.

EMEA Still a Hotspot for Malware Threats

Regional detections of basic and evasive malware show Fireboxes in Europe, the Middle East, and Africa (EMEA) were hit harder than those in North, Central, and South America (AMER) at 57% and 22%, respectively, followed by Asia-Pacific (APAC) at 21%.

About the WatchGuard Report

WatchGuard’s quarterly research reports are based on Firebox Feed data from active WatchGuard Fireboxes, whose owners have share data in direct support of the Threat Lab’s research efforts.

Read the full report for details on additional malware and network trends, recommended security strategies and critical defense tips for businesses.

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.