
Evasive malware reaches record levels - WatchGuard report

25 Mar 2020

WatchGuard’s most recent Internet Security Report indicates that malware cases are surging again, with ‘evasive’ malware reaching record levels.

According to the data, collected from WatchGuard’s Firebox security appliances over Q4 2019, evasive malware accounted for two thirds of all detections – a massive jump from the 2019 average of 35%.

“Q4 2019 saw an explosion in zero day malware (which is malware that signature-based protections missed during the first few days or weeks of its release) reaching an all-time high of 68% of total detected malware. This is up from the approximate 37% average of 2018 and 2019, making Q4 2019 the worst malware quarter on our books,” the report says.

WatchGuard suggests that evasive malware is now becoming the norm rather than the exception, which means organisations that need to protect themselves must deploy even more advanced anti-malware solutions.

“Our findings from Q4 2019 show that threat actors are always evolving their attack methods,” says WatchGuard’s chief technology officer Corey Nachreiner.

“With over two-thirds of malware in the wild obfuscated to sneak past signature-based defenses, and innovations like Mac adware on the rise, businesses of all sizes need to invest in multiple layers of security. Advanced AI or behavioural-based anti-malware technology and robust phishing protection like DNS filtering will be especially crucial.”

The report also notes that phishing campaigns and malware are still exploiting old software vulnerabilities. A ‘dropper’ exploit ranked number seven on WatchGuard’s top malware list targets a Microsoft Excel vulnerability from 2017. It downloads malware including the Agent Tesla keylogger. The dropper heavily targeted the United Kingdom, Germany, and New Zealand.

The report also suggests that attackers are opting for automated malware distribution: many attacks hit 70-80% of all Fireboxes in a single country, which WatchGuard states could be explained by automation.

SQL injection attacks became the top network attack in 2019, the report says. SQL injection attacks grew % in total between 2018 and 2019, becoming the most common network attack of the year by a significant margin.

Mac adware also became more popular in Q4. WatchGuard explains that one of the top compromised websites WatchGuard detected in hosts a macOS adware called Bundlore that masquerades as an Adobe Flash update. This lines up with a Malwarebytes report from February 2020 that showed a rise in Mac malware, particularly adware.

In Q4 2019 Firebox appliances blocked over 34,500,000 malware variants in total (859.5 samples per device) and approximately 1,879,000 network attacks (47 attacks per device).
