Internet Security Report Q4 2024

At the highest level, network malware almost doubled, but endpoint malware reached an all-time low. We also saw sophistication in network-detected malware increase with the increase in our zero-day malware percentage, but at the endpoint, unique and new malware is way down, suggesting that what the endpoints saw was more generic and run-of-the-mill malware variants. Though these differences might seem unusual, one thing is sure – you need both network- and endpoint-based malware detection for the defense in depth necessary to prevent all these attacks.

As far as network-based attacks and exploit, those decreased by more than ¼ during Q4. While attackers did at least launch a slightly higher number of unique exploits, most of the top network attacks by volume and devices affected were almost identical to last quarter and mostly consisted of older or generic web application flaws. We still see threat actors trying to find servers vulnerable to ProxyLogin and HAProxy vulnerabilities.

That said, we have seen new trends across many of our security services. For instance, coinminers are back. Network and endpoint malware detection solutions saw an increase in them, and we saw many top malicious domains focused on malicious cryptocurrency mining or Etherhiding.