July 17, 2024 New Research: Malware Targeting Enterprise Smart TVs

WatchGuard’s quarterly Internet Security Report provides in-depth insights on today’s top security threats.

by Marc Laliberte, Director of Security Operations, WatchGuard Technologies

Marked by increases in the volume and level of sophistication of cyberattacks carried out by malicious actors against organizations — regardless of their size, industry specialization or geographic location — the latest stage of evolution in cybersecurity are worrisome enough to keep IT and security leaders up at night.

To make the situation more dire, finding talented security professionals with the proper training and experience needed to combat against this hostile threat has become a significant pain point for IT and security teams; according to a recent report from Enterprise Security Group, the cybersecurity talent shortage has already impacted 71% of organizations globally.

That’s why each quarter, WatchGuard Technologies’ Threat Lab publishes a quarterly Internet Security Report to provide comprehensive analysis of evolving cyber threat trends, emerging attack vectors, major data breaches and practical mitigation strategies that IT and security teams can leverage to stay ahead of cybercriminals.

Among the key findings in the latest edition — the Q1 2024 Internet Security Report — Threat Lab researchers found that despite network malware detections dropping by nearly 50% compared to the previous quarter, endpoint malware detections surged by an astounding 82% worldwide.

However, perhaps the most notable finding from the report is around the rapid ascent of Pandoraspear malware detections targeting smart TVs that use open-source Android operating systems. This quarter marks Pandorspear’s debut on the top-10 list of most detected malware and underscores the importance of addressing potential security risks in office IoT devices.

Also detailed in the report, Threat Lab researchers observed double-digit declines in both detections of ransomware (down 23%) and Zero-Day vulnerabilities (down 36%) compared to Q4 2023, while Network attacks increased 13% in Q1 compared to the previous quarter but remain considerably down year-over-year.

Unfortunately, there’s more. On top of these trends, the WatchGuard Q1 2024 Internet Security Report also analyzed:

• A new variant of the notorious Mirai malware family targeting TP-Link Archer devices emerged as one of the most widespread malware campaigns of the quarter. The Mirai variant — which leverages a newer exploit (CVE-2023-1389) to access compromised systems — reached nearly 9% of all WatchGuard Fireboxes around the globe.
• Chromium-based browsers — an open-source browser project that’s goal is to create a safer, faster, and more stable web experience for users — were responsible for producing more than three-quarters (78%) of the total volume of malware originating from attacks against web browsers or plugins, signaling a more than 50% rise compared to the previous quarter (25%).
• Threat Lab researchers observed widespread detections of a vulnerability (CVE-2021-40346) in the widely used HAProxy Linux-based load balancer application, ranking it among the top network attacks of the quarter. Despite being discovered last year, this vulnerability shows how weaknesses in popular software, when not patched will lead to a security incident.

If it was not already, the Q1 2024 Internet Security Report’s findings make one thing clear: we have entered an era where it is imperative for organizations, regardless of size or industry, to secure all devices, especially ones that connect to their main network.

Time is of the essence; therefore, organizations grappling with hiring (and/or affording) capable security personnel should consider working with a Managed Services Provider (MSP) to reduce the time typically required to effectively bolster security operations and provide around-the-clock monitoring. Not only can MSPs provide expert security guidance, they often have relationships with top security vendors that can help reduce the financial barrier-of-entry for adopting more advanced cybersecurity solutions and strategies to protect the attack surface, from deploying XDR solutions, implementing Zero-Trust frameworks and more.

Subscribe to Industry Today