The latest Quarterly Internet Security Report shows unrelenting growth of new attack techniques and malware, highlighting the need for layered defenses, advanced threat prevention, and stringent security policies
WatchGuard Technologies has announced the findings of its quarterly Internet Security Report (https://www.watchguard.com/wgrd-resource-center/security-report), which explores the latest computer and network security threats affecting small to midsize businesses (SMBs) and distributed enterprises. The research revealed massive increases in scripting attacks and overall malware attempts against midsize companies throughout Q3 2017. The findings reinforce expectations of continued growth of new malware and various attack techniques in the coming months, further emphasising the importance of layered security and advanced threat prevention solutions.
“Threat actors are constantly adjusting their techniques, always looking for new ways of exploiting vulnerabilities to steal valuable data,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “This quarter, we found that script-based attacks – like the fake Python library packages discovered in September – appeared 20 times more than in Q2, while overall malware attacks shot through the roof. Staying vigilant regarding these developments is half the battle. Every business can better protect themselves and their stakeholders by employing multiple layers of protection, enabling advanced security services and monitoring network logs for traffic related to the top threats mentioned in this report.”
The ever-growing mob of constantly evolving security threats can seem overwhelming to the average small business with limited staff and resources. WatchGuard’s Internet Security Report examines the modern threat landscape and delivers key data, educational guidance and in-depth research to help readers understand the latest attack trends and update their defences. Major findings from the Q3 2017 report include:
– Scripting threats account for 68 percent of all malware. WatchGuard’s Gateway AntiVirus (GAV) solution uses signatures that block various types of JavaScript and Visual Basic Script threats, such as downloaders. The sum total of these script-based attacks accounted for the vast majority of the malware detected in Q3.
– Malware quantities have skyrocketed; a trend that will likely continue. Total malware instances spiked by 81 percent this quarter over last. With more than 19 million variants blocked in Q3 and the holiday season approaching, malware attempts will likely increase dramatically in Q4 as well.
– Cross-site Scripting (XSS) attacks plague web browsers, spreading internationally. XSS attacks, which allow cyber criminals to inject malicious script into victims’ sites, continue to grow at a measured pace. Previous reports detailed XSS attacks against Spain alone, but in Q3, XSS attacks broadly affected every country.
– Legacy antivirus (AV) only missed 24 percent of new malware. Over the past three quarters, signature-based AV has missed malware at increasing rates, peaking at almost 47 percent in Q2. But this quarter was a marked improvement with only 23.77 percent of new or zero day malware able to circumvent AV. While this data is encouraging, behavioural detection solutions are still the most effective way to block advance persistent threats.
– Suspicious HTML iframes surface everywhere. Attackers are continuing to evolve how they leverage the HTML iframe tag to force unsuspecting victims to suspicious, and often malicious sites. While potentially malicious iframes showed up everywhere, including the U.S. and Canada, their numbers jumped significantly in both Great Britain and Germany.
– Authentication is still a big target. Though not as prevalent as in Q2, attacks targeting authentication and credentials (like Mimikatz) returned in a big way this quarter. Aside from Mimikatz, brute force web login attempts were also highly visible, proving that attackers are continuing to target the weakest link – credentials.
WatchGuard’s Internet Security Report is based on anonymised Firebox Feed data from nearly 30,000 active WatchGuard UTM appliances worldwide, which blocked more than 19 million malware variants and 1.6 million network attacks in Q3. The complete report includes defensive strategies for responding to the latest attack trends, based on analyses of the quarter’s top malware and network threats. The report also examines the growing trend of supply chain attacks by evaluating the most notable instances from Q3 – NetSarang, Ccleaner and fake Python packages.
WatchGuard Threat Lab’s latest research project – a detailed analysis on Q3 phishing trends – is highlighted in the report as well. This project features email spam and malware data captured by the team’s “Artemis” honeynet, which is now publicly available on GitHub for download and use: https://github.com/WatchGuard-Threat-Lab
For more information, download the full report here: https://www.watchguard.com/wgrd-resource-center/security-report.
Summary: https://p.widencdn.net/8jd0ow/WG_Threat_Report_Q3-2017_Summary
Infographic: https://p.widencdn.net/fi6h9m/Internet_Security_Report_InfoGraphic_Q3_2017
About WatchGuard Technologies, Inc.
WatchGuard Technologies, Inc. is a global leader in network security, providing best-in-class Unified Threat Management, Next Generation Firewall, secure Wi-Fi, and network intelligence products and services to more than 75,000 customers worldwide. The company’s mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for Distributed Enterprises and SMBs. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit www.watchguard.com
For additional information, promotions and updates, follow WatchGuard on Twitter, @WatchGuard, on Facebook: https://www.facebook.com/watchguardtechnologies, or on the LinkedIn Company page: http://www.linkedin.com/company/watchguard-technologies. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org.