ChannelLife Australia

Ransomware volume doubled 2021 total by end of Q1 2022

By Shannon Williams
Thu 30 Jun 2022

Ransomware detections in the first quarter of this year doubled the total volume reported for 2021, according to a new report. 

WatchGuard Technologies has announced findings from its most recent quarterly Internet Security Report, detailing the top malware trends and network security threats analysed by WatchGuard Threat Lab researchers. 

Other top findings from the research revealed the Emotet botnet coming back in a big way, the infamous Log4Shell vulnerability tripling its attack efforts, malicious cryptomining activity, and much more.

"Based on the early spike in ransomware this year and data from previous quarters, we predict 2022 will break our record for annual ransomware detections," says Corey Nachreiner, chief security officer at WatchGuard. 

"We continue to urge companies to not only commit to implementing simple but critically important measures but also to adopt a true unified security approach that can adapt quickly and efficiently to growing and evolving threats."

Other key findings from the Internet Security Report, which analyses data from Q1 2022, include:

Ransomware goes nuclear
Although findings from the Threat Lab's Q4 2021 Internet Security Report showed ransomware attacks have been trending down year-over-year, that all changed in Q1 2022 with a massive explosion in ransomware detections. Strikingly, the number of ransomware attacks detected in Q1 has already doubled the total number of detections for all of 2021.

LAPSUS$ emerges following REvil's downfall
Q4 2021 saw the downfall of the infamous REvil cybergang, which, in hindsight, opened the door for another group to emerge: LAPSUS$. WatchGuard's Q1 analysis suggests the LAPSUS$ extortion group, along with many new ransomware variants such as BlackCat, the first known ransomware written in the Rust programming language, could be contributing factors to an ever-increasing ransomware and cyber-extortion threat landscape.

Log4Shell makes its debut on the top 10 network attacks list
Publicly disclosed in early December 2021, the infamous Apache Log4j2 vulnerability, also known as Log4Shell, debuted on the top 10 network attack list fashionably late this quarter. Compared to aggregate IPS detections in Q4 2021, the Log4Shell signature nearly tripled in the first quarter of this year. Highlighted as the top security incident in WatchGuard's last Internet Security Report, Log4Shell garnered attention for scoring a perfect 10.0 on CVSS, the maximum possible criticality for a vulnerability, and because of Log4j2's widespread use in Java programs and the ease of arbitrary code execution.

Emotet's comeback tour continues
Despite law enforcement disruption efforts in early 2021, Emotet accounts for three of the top 10 detections and the top widespread malware this quarter following its resurgence in Q4 2021. Detections of Trojan.Vita, which heavily targeted Japan and also appeared in the top five encrypted malware list, and Trojan.Valyria both use exploits in Microsoft Office to download the botnet Emotet. The third malware sample related to Emotet, MSIL.Mensa.4, can spread over connected storage devices and mostly targeted networks in the US. Threat Lab data indicates Emotet acts as the dropper, downloading and installing the file from a malware delivery server.

PowerShell scripts lead the charge in surging endpoint attacks
Overall endpoint detections for Q1 were up about 38% from the previous quarter. Scripts, specifically PowerShell scripts, were the dominating attack vector. Accounting for 88% of all detections, scripts single-handedly pushed the number of overall endpoint detections clear past the figure reported for the previous quarter. PowerShell scripts were responsible for 99.6% of script detections in Q1, showing how attackers are moving to fileless and living-off-the-land attacks using legitimate tools. Although these scripts are the clear choice for attackers, WatchGuard's data shows that other malware origin sources shouldn't be overlooked.

Legitimate cryptomining operations associated with malicious activity
All three new additions to the top malware domains list in Q1 were related to Nanopool. This popular platform aggregates cryptocurrency mining activity to enable steady returns. These domains are technically legitimate domains associated with a legitimate organisation. However, connections to these mining pools from a business or education network almost always originate from malware infections rather than from legitimate mining operations.

Businesses still facing a wide range of unique network attacks
While the top 10 IPS signatures accounted for 87% of all network attacks, unique detections reached their highest count since Q1 2019. This increase indicates that automated attacks are focusing on a smaller subset of potential exploits rather than trying everything in the kitchen sink. However, businesses are still experiencing a wide range of detections.

EMEA continues to be a hotspot for malware threats
Overall regional detections of basic and evasive malware show Fireboxes in Europe, the Middle East, and Africa (EMEA) were hit harder than those in North, Central, and South America (AMER) at 57% and 22%, respectively, followed by Asia-Pacific (APAC) at 21%.

WatchGuard's quarterly research reports are based on anonymised Firebox Feed data from active WatchGuard Fireboxes whose owners have opted to share data in direct support of the Threat Lab's research efforts. In Q1, WatchGuard blocked a total of more than 21.5 million malware variants (274 per device) and nearly 4.7 million network threats (60 per device). The full report includes details on additional malware and network trends from Q1 2022, recommended security strategies and critical defense tips for businesses of all sizes and in any sector, and more.
