WatchGuard reports 300% surge in endpoint malware

A report from WatchGuard has revealed a 300% spike in endpoint malware, as threat actors target legitimate web services and documents. Other findings from the provider’s Threat Lab Report include a resurgence of cryptomining malware, an increase in signature-based and social engineering attacks, and a notable surge in attacks across EMEA.

While Microsoft documents such as Word and Excel have long been targets for deceiving users into downloading malicious software, strict anti-macro protections on Word, Excel and PowerPoint Office files have led attackers to use OneNote files to deliver Qbot (a remote access botnet trojan), according to WatchGuard’s quarterly analysis.

Another major threat involves the exploitation of vulnerabilities in WordPress plug-ins. Attackers use these weaknesses to hijack websites, distributing malware such as SocGholish, which deceives users with fake browser update prompts before executing malicious software. WordPress hosts over 488 million websites worldwide – around 43% of all websites on the internet.

“The findings from our Q3 2024 Internet Security Report demonstrated a dramatic shift in traditional versus evasive malware threats,” said Corey Nachreiner, chief security officer at WatchGuard Technologies.

“These findings illustrate how quickly the threat landscape can evolve. Organisations of all sizes should consider adopting AI-powered threat detection to spot unexpected traffic patterns and reduce dwell time, ultimately reducing the cost of a breach but also maintaining their traditional antimalware controls too.”


