The third quarter of 2024 saw a significant surge in endpoint malware detections, with a dramatic 300% increase quarter over quarter, as reported by WatchGuard. This increase was largely driven by cybercriminals shifting tactics and using legitimate websites and documents to spread malware. As social engineering tactics became more prevalent, attackers began exploiting platforms like OneNote to bypass strict anti-macro protections on Word, Excel, and PowerPoint documents. The rise in this type of attack highlighted the growing sophistication of cybercriminals as they turned to more deceptive methods to execute their attacks.
In addition to the shift towards social engineering, attackers increasingly targeted vulnerabilities in WordPress plugins. By exploiting these weaknesses, they gained control over websites to distribute malicious software like SocGholish, which tricks users into downloading malware under the guise of browser updates. With WordPress powering nearly half of all websites globally, this trend has raised alarms about the widespread impact of these attacks, which leverage the credibility of legitimate websites to infect users.
Another worrying trend observed in the report was the rise in cryptomining malware, which uses victims’ computing resources to mine cryptocurrencies like Bitcoin. As the value of cryptocurrencies has rebounded, cryptominers have become an attractive avenue for cybercriminals seeking to profit from users’ devices. These malware strains often exhibit additional malicious behaviors, increasing the severity of the infection and making it harder to detect. As a result, organizations are urged to adopt advanced AI-powered threat detection systems alongside traditional anti-malware measures.
Despite the rise in social engineering and endpoint malware detections, overall malware attacks saw a 15% decline compared to the previous quarter. This decrease suggests that while fewer new malware strains were created, attackers expanded their tactics and exploited existing techniques to infect systems. The report also revealed that only 20% of malware detections evaded signature-based detection methods, indicating that zero-day attacks, which bypass traditional defenses, were less prevalent. Ransomware incidents continued to decline, but the number of ransomware operators remained higher than in the second quarter of 2024.
