sb-nz logo
Story image

Evasive malware reaches record levels - WatchGuard report

25 Mar 2020

WatchGuard’s most recent Internet Security Report indicates that malware cases are surging again, with ‘evasive’ malware reaching record levels.

According to the data, collected from WatchGuard’s Firebox security appliances over Q4 2019, evasive malware accounted for two thirds of all detections – a massive jump from the 2019 average of 35%.

“Q4 2019 saw an explosion in zero day malware (which is malware that signature-based protections missed during the first few days or weeks of its release) reaching an all-time high of 68% of total detected malware. This is up from the approximate 37% average of 2018 and 2019, making Q4 2019  the worst malware quarter on our books,” the report says.

WatchGuard suggests that evasive malware is now becoming the norm rather than the exception, which means organisations that need to protect themselves must deploy even more advanced anti-malware solutions.

“Our findings from Q4 2019 show that threat actors are always evolving their attack methods,” says WatchGuard’s chief technology officer Corey Nachreiner.

“With over two-thirds of malware in the wild obfuscated to sneak past signature-based defenses, and innovations like Mac adware on the rise, businesses of all sizes need to invest in multiple layers of security. Advanced AI or behavioural-based anti-malware technology and robust phishing protection like DNS filtering will be especially crucial.”

The report also notes that phishing campaigns and malware are still exploiting old software vulnerabilities. A ‘dropper’ exploit ranked number seven on WatchGuard’s top malware list targets a Microsoft Excel vulnerability from 2017. It downloads malware including the Agent Tesla keylogger. The dropper heavily targeted the United Kingdom, Germany, and New Zealand.

The report also found that hackers are opting for automated malware distribution because many attacks hit 70-80% of all Fireboxes in a single country. This could be explained by automation, WatchGuard states.

SQL injection attacks became the top network attack in 2019, the report says.  – SQL injection attacks grew % in total between 2018 and 2019, becoming the most common network attack of the year by a significant margin.

Mac adware also became more popular in Q4. WatchGuard explains that one of the top compromised websites WatchGuard detected in hosts a macOS adware called Bundlore that masquerades as an Adobe Flash update. This lines up with a MalwareBytes report from February 2020 that showed a rise in Mac malware, particularly adware.

In Q4 2019 Firebox appliances blocked over 34,500,000 malware variants in total (859.5 samples per device) and approximately 1,879,000 network attacks (47 attacks per device).