Quarterly Security Update: May 2025

Welcome to the first of our Quarterly Security Updates. Each quarter, we’ll bring you a snapshot of the latest malware trends, new and notable threats plus the latest top tips from our security experts. The content is technical but we hope it gives your care homes a good overview of some of the current risks affecting you and the sector.

Malware Trends

Total network-based malware detections almost doubled, increasing 94%. Network exploits continued to bombard organisations in Q4 2024, with attack volumes remaining high and a mix of both old and new threats. In fact, many tried-and-true exploits persisted as top attacks this quarter, underscoring that attackers stick with what works.
Strangely, endpoint unique malware detection shows a completely different picture, decreasing about 91% QoQ, and showing the lowest volume of unique detections we saw last year.
Not only were endpoint unique malware detections down, but new malware threats also hit an all-time low of only 8 new threats per 100,000 malware detections. In general, we saw less targeted malware that only affected one or a few machines, and rather generic, sometimes-old malware that affected many machines
60% of malware spread over encrypted connections (TLS) during Q4, which is an 8pt increase from last quarter, and a continued increase for the year, indicating the growing role in more proactive anti-malware services catching sophisticated, evasive malware, like zero-day malware, when it comes from encrypted channels

Spotlight: Social Engineering – beware the fake IT help desk

The National Cyber Security Centre (NCSC) has warned that criminals launching cyber attacks at British retailers are impersonating IT help desks to break into organisations. This is how hackers targeted Marks & Spencer, Co-op and Harrods in recent weeks. GHM will always authenticate who we are when calling our support desk.

Other examples of social engineering techniques that employees should watch out for right now include offers of free software, work-related emails that look real or official, surfing social media during work, accepting fake LinkedIn invitations and name-dropping in emails.

Your key takeaways!

Patch, patch, patch. Companies should focus on a two pronged approach of patching old holes and keeping up with new threats. Strive to patch everything possible as quickly as you can. If that’s unachievable, take the time to develop a risk-based policy. Employ automated patching (check with your MSP that automated patching can be done with the Remote Monitoring and Management (RMM) solution they use as not all do it).

Here at GHM we combine automated patching with good old fashioned manual checks and recently moved a new client from a threat score of 80% down to 0% using this approach.

Protect Linux computers, Macs and IoT the same as Windows. We all now that attackers, by far more often, target the Windows operating system (OS) with malware and attack it over any other. However, just because Windows is the biggest target doesn’t mean attackers aren’t targeting other devices. This quarter, we saw a rise in Top 20 malware that affected Linux machines, including coinminers, which tend to prefer Linux servers. In short, your server should have good endpoint detection and response software too. Luckily our products like EPDR work great on Windows, Mac, or Linux machines.

Embrace a Defence-in-Depth Approach to Combat Evolving Malware. We have observed fluctuations in the prevalence of network and endpoint malware; while this quarter’s findings indicate a rise in network-based threats, endpoint malware detections have notably decreased. This dynamic nature of threats requires a multi-layered approach to ensure comprehensive protection against the diverse tactics employed by cybercriminals.