
Malware targeting endpoints on the rise, finds report

Detections of malware targeting endpoints increased by 82 per cent in Q1, according to WatchGuard Technologies' new Internet Security Report.

This was despite overall network detections of malware during the quarter falling by almost half compared to Q4.

There was also a 23 per cent decrease in ransomware detections compared to the previous quarter, with zero-day malware detections falling by 36 per cent.

The report also shows that the Pandoraspear malware, which targets smart TVs running an open-source Android OS, jumped into the top 10 most widely detected malware list, highlighting the potential risk of vulnerabilities in IoT devices for enterprise security.

"The findings from the Q1 2024 Internet Security Report demonstrate the importance for organisations of all sizes to secure internet-connected devices regardless of whether they are used for business or entertainment purposes," said Corey Nachreiner, chief security officer at WatchGuard. "As we have seen in many recent breaches, attackers can gain a foothold in an enterprise network through any connected device and move laterally to do tremendous damage to critical resources and exfiltrate data. It is now imperative for organisations to adopt a unified security approach, which can be governed by managed service providers, that includes broad monitoring of all devices and endpoints."

Other key findings from the report include:

• The average volume of malware detections per WatchGuard Firebox plummeted by almost half (49 per cent) during the first quarter, while the amount of malware delivered over an encrypted connection swelled by 14 points in Q1 to 69 per cent.

• A new variant of the Mirai malware family that targeted TP-Link Archer devices by using a newer exploit (CVE-2023-1389) to access compromised systems emerged as one of the most widespread malware campaigns of the quarter. The Mirai variant reached almost 9 per cent of all WatchGuard Fireboxes around the globe.

• In Q1, Chromium-based browsers were responsible for producing more than three-quarters (78 per cent) of the total volume of malware originating from attacks against web browsers or plugins, a significant rise compared to the previous quarter (25 per cent).

• A vulnerability in the widely used HAProxy Linux-based load balancer application, which was first identified in 2023, was among the top network attacks of the quarter. The vulnerability shows how weaknesses in popular software can result in a widespread security problem.
