The new Watchguard Threat Lab report shows network attacks at the highest point over

At EMEA, network detection has quadrupled, with malware detection occurring at almost double the rate in the rest of the world.

5 April 2022 – WatchGuard® Technologies’ latest quarterly Internet Security Report shows a record number of blank malware detections, with improved threats increasing by 33%, indicating a higher level of threat than ever before.

Corey Nachrina

Corey Nachrina

Researchers at the Watchguard Threat Lab identified malware threats in EMEA at a much higher rate in Q4 2021 than in other parts of the world, with 49% detection of malware in each Firebox, 23% in the US and 29% in APAC. The network penetration detection trajectory has also continued to climb, with the largest total detection of any quarter in the last three years and a 39% increase in the quarter. Researchers suggest that this may be due to the continued targeting of the old vulnerabilities, as well as the growth of the organization’s networks. As new devices come online and old vulnerabilities remain unchanged, network security is becoming more complex.

“Continuous transfers to a hybrid workforce are widening the offensive surface and creating more potential security holes for companies to plug in,” said Corey Nachriner, chief security officer at WatchGuard. “We have recorded zero-day high-level threats and an attack surface that extends beyond the network to IoT, home networks and mobile devices. Companies need to adopt a truly integrated security approach that can adapt quickly and efficiently.” Growing threat landscape. Companies should promise to implement simple but critically important steps such as regularly updating and patching systems so that they do not enable hackers. “

Other key searches from this Internet Security report include:

  • 78% of malware distributed through encrypted connections is avoided – Overall, 67% of malware detection came through an encrypted connection, and of those malware detections, 78% were zero-day malware threats that avoided initial detection. This continues a trend seen in the previous quarter. These threats can often be stopped by setting up a firewall to decrypt and scan incoming traffic – a move that, unfortunately, many agencies fail to take.
  • A new leader has emerged in the office to exploit malware – Q4 2021 saw a significant increase in office documents targeting malware, similar to the results from Q3. CVE-2018-0802 remains in the top 10 malware list, dropped to No. 5 this quarter, one place above last quarter, and remains on the most comprehensive malware list. Researchers suspect that it may have replaced CVE-2017-11882 as a top office exploit.
  • Emotet returns with a vengeance – Two new malware domains were added this quarter to the list of top malware domains identified by WatchGuard. One of these domains is Skyprober[.]info, linked to Emotet, Banking Trojan which is a C2 and distribution infrastructure developed for other payloads of malware. Imtate malware saw a resurgence in Q4 2021, after a slight decline due to direct interference by U.S. law enforcement agencies.

WatchGard’s quarterly research reports are based on anonymous Firebox feed data from active WatchGard Fireboxes whose owners have chosen to share the data in direct support of Threat Lab’s research efforts. In Q4, WatchGuard blocked a total of more than 23.9 million malware variants (313 per device) and about 5.9 million network threats (75 per device). The full report includes additional malware and network trends from Q4 2021, a detailed analysis of Log4Shell vulnerabilities, proposed security strategies and important defense tips for businesses of all sizes and sectors, and more.

For details of WatchGuard’s research, read the full Q4 2021 Internet Security

About Watchguard technology
WatchGuard® Technologies is a global leader in network security, endpoint security, secure Wi-Fi, multi-factor authentication and network intelligence. The company’s award-winning products and services are trusted by more than 18,000 security resellers and service providers worldwide to protect more than 250,000 customers. WatchGard’s goal is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for mid-marketing businesses and distribution enterprises. The company is headquartered in Seattle, Washington, and has offices across North America, Europe, Asia Pacific and Latin America. To learn more, visit

For additional information, promotions and updates, follow WatchGuard on Twitter (Watchguard), On Facebook or on the LinkedIn company page. Also, visit our InfoSec blog, Secplicity, for real-time information on the latest threats at and how to deal with them. 443 – Subscribe to Security Simplified Podcasts at, or wherever you find your favorite podcasts.

WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other signs are the property of their respective owners.

Contact for more information
Peter Renison or Tracy Trainer, PRPR
[email protected] / [email protected]
+44 (0) 1442 245030

Leave a Reply

Your email address will not be published.