There has been a 62% increase in overall malware detections compared to Q4, 2018
There has been a 62% increase in overall malware detections compared to Q4, 2018, according to WatchGuard Technologies’ quarterly Internet Security Report for Q1, 2019. The report also found that cybercriminals are leveraging a wide array of varied attack techniques, including malicious Microsoft Office documents, Mac malware and web application exploits.
Overall, these results illustrate that in 2019, hackers are doubling down on well-known tactics like credential theft and ransomware by utilizing fake Office documents and other attack avenues that require organizations to deploy advanced defences to combat a wider variety of threat vectors.
“The key findings from this latest report illustrate the importance of layered security protections in today’s advanced threat landscape,” says WatchGuard Technologies chief technology officer Corey Nachreiner.
“Whether it be DNS-level filtering to block connections to malicious websites and phishing attempts, intrusion prevention services to ward off web application attacks or multi-factor authentication to prevent attacks leveraging compromised credentials – it’s clear that modern cybercriminals are leveraging a host of diverse attack methods and the best way for organizations to protect themselves is with a unified security platform that offers a comprehensive range of security services.”
Key findings from the Q1, 2019 report include:
Attackers continue to favor malicious Office documents – In Q1, 2019, more than 17% of Fireboxes blocked malicious Office documents, with two threats in this category making it into WatchGuard’s most widespread malware list, and one in the top 10 malware attacks by volume. Over half of these malicious documents were blocked in EMEA, largely in Eastern European countries. Users should avoid interacting with unsolicited Office documents and consider any attachments that seek to enable macros as a threat.
Mac OS malware on the rise – Mac malware first appeared on WatchGuard’s top 10 malware list in Q3, 2018, and now two variants have become prevalent enough to make the list in Q1, 2019. This increase in Mac-based malware further debunks the myth that Macs are immune to viruses and malware, and reinforces the importance of advanced threat protection for all devices and systems.
Web application exploits soar – Despite a decrease in the overall volume of network attacks in Q1, web application attacks grew significantly. WatchGuard’s IPS service caught attackers exploiting many cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities – both popular methods for credential theft. Two SQLi attacks made it onto WatchGuard’s top 10 network attacks list, while one web XSS attack accounted for more than 10% of network attacks on the top 10 list overall.
DNS filtering blocks more than 5 million malicious sites – WatchGuard’s DNSWatch service successfully prevented 5,192,883 attempted visits to nefarious destinations, blocking over half a million connections to known malware-hosting domains, 187,101 connections to compromised websites and 61,096 connections to known phishing sites. Compromised websites can be difficult to identify and block, so DNS-level filtering is critical to prevent users from unknowingly falling victim to malware infections, credential theft or botnet command and control systems.
Fileless malware stakes its claim – Fileless threats appeared in both WatchGuard’s top 10 malware and top 10 network attack lists. On the malware side, a PowerShell-based code injection attack showed up in the top 10 list for the first time in Q1, while the popular fileless backdoor tool, Meterpreter, made its first appearance in the top 10 list of network attacks too. This trend further demonstrates cybercriminals’ continued focus on utilizing this evasive threat category.
- Mimikatz malware skyrockets by 73%, remains the #1 threat – Accounting for 20.6% of all malware found in Q1, this popular open source tool is often used for password theft, and represents a major driver behind many network infiltrations. Mimikatz is a mainstay on WatchGuard’s top 10 malware list, which highlights the importance of using lengthy, complex passwords unique to each individual account. Furthermore, with cybercriminals’ persistent focus on credential theft, organizations of all sizes should consider adopting multi-factor authentication solutions in order to prevent bad actors from compromising legitimate user accounts.