WatchGuard’s Q4 2024 Internet Security Report reveals alarming rise in cyber threats

14 April 2025

WatchGuard® Technologies, a global leader in unified cybersecurity, has released its latest Internet Security Report, revealing troubling trends in the cybersecurity landscape based on the research conducted by the WatchGuard Threat Lab during the fourth quarter of 2024. The report highlights a notable increase in various malware, network, and endpoint security threats, signalling a continuing escalation in cyber risks.

The report indicates a staggering 94% increase in network-based malware detections quarter-over-quarter. This rise reflects a broader trend of increasing threats, as overall malware detections also grew significantly, including a 6% rise in Gateway AntiVirus (GAV) detections and a 74% increase in Advanced Persistent Threat (APT) Blocker detections. The most remarkable surge was from proactive machine learning detection offered by IntelligentAV (IAV), with a 315% increase, showcasing its effectiveness in detecting sophisticated and evasive malware, including zero-day threats that utilize encrypted channels.

The detection of crypto miners soared by 141% quarter-over-quarter. This reflects the increasing use of malicious coin miners, which function to acquire cryptocurrency surreptitiously, particularly as the price and popularity of Bitcoin rise.

Zero-day malware rebounded to 53%, up from an all-time low of 20% reported in Q3, reinforcing the trend of malware distribution through encrypted connections, which often deliver more sophisticated threats.

The total number of unique malware threats decreased significantly, showing a historic 91% decline. This trend could be attributed to a reduction in targeted attacks and a shift towards a higher incidence of generic malware.

Network attacks dropped by 27% from the previous quarter, yet many well-known exploits continued to feature as top threats, indicating that attackers often rely on established, effective methods.

The report found that the top phishing domains remained unchanged, indicating the sustained use of effective phishing tactics, particularly those related to business email compromise (BEC) that target organizations using Office 365 services.

A significant trend in attacks was the use of living-off-the-land (LotL) techniques, which leverage legitimate system tools. For instance, 61% of endpoint attack techniques involved PowerShell, accounting for nearly 83% of all endpoint attack vectors, with 97% originating from PowerShell, indicating a heavy reliance on this scripting environment by threat actors.

Over half of the top 10 network detections were categorized as generic signatures, highlighting that attackers are increasingly targeting common vulnerabilities in web applications.

Corey Nachreiner, Chief Security Officer at WatchGuard Technologies, emphasized the need for vigilance in the face of evolving threats, pointing out that both traditional vulnerabilities and more sophisticated evasive malware tactics are being exploited by cybercriminals. He advised organizations to prioritize regular updates, monitor for unusual activities, and implement layered defenses to strengthen their security postures.

As organizations navigate the complex terrain of cybersecurity, the findings from WatchGuard’s Q4 2024 Internet Security Report underscore the critical need to adopt proactive measures and advanced technologies to defend against an ever-evolving landscape of cyber threats. The data presented is based on anonymized and aggregated threat intelligence from actively utilized WatchGuard network and endpoint products, underscoring the importance of collaborative efforts in combating cybercrime.