
Cybersecurity Alert: WatchGuard Warns of a New Threat Trend—Blockchains as Hosts for Malware!

2024-10-15

Author: Siti

WatchGuard Technologies' latest Internet Security Report has revealed a disturbing trend: cybercriminals are using blockchains to host harmful content. The report, released on October 15, 2024, highlights several new malware threats that emerged in the second quarter of the year, signaling a shift in attack strategies by threat actors.

Among the findings, 7 of the top 10 malware threats identified were entirely new. Notable among these was Lumma Stealer, a sophisticated malware designed to exfiltrate sensitive data from compromised systems. The report also identified a variant of the Mirai Botnet, which targets smart devices and turns them into bots under the control of cybercriminals. Another significant threat, LokiBot, targets both Windows and Android platforms, primarily stealing user credentials.

The report also highlighted a concerning new technique called EtherHiding. This method embeds malicious PowerShell scripts within blockchains—most notably in Binance Smart Contracts. Attackers are employing deceptive tactics, such as displaying fake error messages on compromised websites, urging victims to 'update their browser.' The implications of this are grave; once malicious code is entrenched in blockchains, it can remain there indefinitely, making it a persistent threat.

Corey Nachreiner, WatchGuard’s Chief Security Officer, remarked on the cyclical nature of threat actor behaviors, emphasizing how they tend to latch onto trending tactics. 'Our findings reinforce the need for businesses to routinely update and patch their systems to close security loopholes before they are exploited,' he stated. He further advocated for a defense-in-depth strategy, effective management by dedicated service providers, and proactive measures to combat emerging security threats.

In addition to the alarming new trends, the report provided several noteworthy statistics. Overall malware detections decreased by 24%. However, this drop coincided with a 35% decline in signature-based detections, indicating a shift toward more evasive malware types. Network attacks surged by 33% compared to the previous quarter, with the Asia Pacific region accounting for a staggering 56% of detections, more than doubling previous rates. An NGINX vulnerability, first identified in 2019, emerged as the top single point of attack, representing about 29% of total network attacks in Q2 2024. A significant 74% of all browser-targeted malware attacks focused on Chromium-based browsers, including Google Chrome and Microsoft Edge.

The report also showcased the Fuzzbunch hacking toolkit, which surfaced as a major endpoint threat. Stolen from the NSA-linked Equation Group during a 2016 breach, it continues to be a tool for cybercriminals targeting Windows systems.

Interestingly, the report also noted credential-stealing malware detected under the trojan.html.hidden.1.gen signature, which affected numerous users and particularly targeted students and faculty from Valdosta State University in Georgia.

As cyber threats evolve, continuous innovation in cybersecurity measures is crucial. To gain detailed insights into these emerging threats, download the complete Q2 2024 Internet Security Report from WatchGuard.

Stay vigilant and protect your data—cybercriminals are adapting, and so must we!