New WatchGuard Threat Lab Report Uncovers Widespread Detection of ‘Pandoraspear’ Malware Targeting Enterprise Smart TVs

Analysis shows spike in endpoint malware detections, widespread targeting of Chromium-based browsers to start the year


SEATTLE, June 05, 2024 (GLOBE NEWSWIRE) -- WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the findings of its latest Internet Security Report, a quarterly analysis detailing the top malware, network, and endpoint security threats observed by WatchGuard Threat Lab researchers during this year’s first quarter.

Among the report’s key findings are that while overall network detections of malware during the quarter fell by nearly half compared to the previous quarter, detections of malware targeting endpoints increased by 82%. There was a 23% decrease in ransomware detections compared to Q4 2023, with zero-day malware detections falling by 36%. The report also shows that the Pandoraspear malware, which targets smart TVs running an open-source Android OS, jumped into the top 10 most widely detected malware list, highlighting the potential risk of vulnerabilities in IoT devices for enterprise security.

“The findings from the Q1 2024 Internet Security Report demonstrate the importance for organizations of all sizes to secure internet-connected devices regardless of whether they are used for business or entertainment purposes,” said Corey Nachreiner, chief security officer at WatchGuard. “As we have seen in many recent breaches, attackers can gain a foothold in an enterprise network through any connected device and move laterally to do tremendous damage to critical resources and exfiltrate data. It is now imperative for organizations to adopt a unified security approach, which can be governed by managed service providers, that includes broad monitoring of all devices and endpoints.”

Additional key findings from WatchGuard’s Q1 2024 Internet Security Report include:

  • The average volume of malware detections per WatchGuard Firebox plummeted by nearly half (49%) during the first quarter, while the amount of malware delivered over an encrypted connection swelled by 14 points in Q1 to 69%.

  • A new variant of the Mirai malware family that targeted TP-Link Archer devices by using a newer exploit (CVE-2023-1389) to access compromised systems emerged as one of the most widespread malware campaigns of the quarter. The Mirai variant reached nearly 9% of all WatchGuard Fireboxes around the globe.

  • This quarter, Chromium-based browsers were found to be responsible for producing more than three-quarters (78%) of the total volume of malware originating from attacks against web browsers or plugins, a significant rise compared to the previous quarter (25%).

  • A vulnerability in the widely used HAProxy Linux-based load balancer application, which was first identified in 2023, was among the top network attacks of the quarter. The vulnerability shows how weaknesses in popular software can lead to a widespread security problem.

Consistent with WatchGuard’s Unified Security Platform® approach and the WatchGuard Threat Lab’s previous quarterly research updates, the data analyzed in this quarterly report is based on anonymized, aggregated threat intelligence from active WatchGuard network and endpoint products whose owners have opted to share in direct support of WatchGuard’s research efforts.

For a more in-depth view of WatchGuard’s research, download the complete Q1 2024 Internet Security Report here: https://www.watchguard.com/wgrd-resource-center/security-report-q1-2024

About WatchGuard Technologies, Inc.
WatchGuard® Technologies, Inc. is a global leader in unified cybersecurity. Our Unified Security Platform® approach is uniquely designed for managed service providers to deliver world-class security that increases their business scale and velocity while also improving operational efficiency. Trusted by more than 17,000 security resellers and service providers to protect more than 250,000 customers, the company’s award-winning products and services span network security and intelligence, advanced endpoint protection, multi-factor authentication, and secure Wi-Fi. Together, they offer five critical elements of a security platform: comprehensive security, shared knowledge, clarity & control, operational alignment, and automation. The company is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.


For additional information, promotions and updates, follow WatchGuard on Twitter (@WatchGuard), on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.orgSubscribe to The 443 – Security Simplified podcast at Secplicity.org, or wherever you find your favorite podcasts.

WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners.

####

 

Contact Data