source link: https://itwire.com/guest-articles/new-watchguard-research-reveals-traditional-anti-malware-solutions-miss-nearly-75-of-threats.html

Friday, 25 June 2021 16:22

New WatchGuard research reveals traditional anti-malware solutions miss nearly 75% of threats

By WatchGuard Technologies

WatchGuard CTO Corey Nachreiner

WatchGuard Technologies, a global leader in network security and intelligence, multi-factor authentication (MFA), advanced endpoint protection, and secure Wi-Fi, today released its Internet Security Report for Q1 2021. Notable findings include that 74% of threats detected last quarter were zero-day malware, meaning malware for which no signature existed at the time of its release and which therefore slips past conventional signature-based antivirus. The report also covers new threat intelligence on rising network attack rates, how attackers are trying to disguise and repurpose old exploits, the quarter's top malware attacks, and more.

“Last quarter saw the highest level of zero-day malware detections we’ve ever recorded. Evasive malware rates have actually eclipsed those of traditional threats, which is yet another sign that organisations need to evolve their defenses to stay ahead of increasingly sophisticated threat actors,” said WatchGuard CTO Corey Nachreiner. “Traditional anti-malware solutions alone are simply insufficient for today’s threat environment. Every organisation needs a layered, proactive security strategy that involves machine learning and behavioural analysis to detect and block new and advanced threats.”

Other key findings from WatchGuard’s Q1 2021 Internet Security Report include:

Fileless malware variant explodes in popularity – XML.JSLoader is a malicious payload that appeared for the first time in both WatchGuard's top malware by volume and most widespread malware detections lists. It was also the variant WatchGuard detected most often via HTTPS inspection in Q1. The sample WatchGuard identified uses an XML external entity (XXE) attack to open a shell, from which it runs commands that bypass the local PowerShell execution policy; it runs non-interactively, hidden from the user. This is another example of the rising prevalence of fileless malware and the need for advanced endpoint detection and response capabilities.

Simple file name trick helps hackers pass off ransomware loader as legitimate PDF attachments – Ransomware loader Zmutzy surfaced as a top-two encrypted malware variant by volume in Q1. Associated specifically with Nibiru ransomware, it reaches victims as a zipped email attachment or as a download from a malicious website. Running the zip file downloads an executable which, to the victim, appears to be a legitimate PDF. Attackers used a comma instead of a period in the file name and a manually adjusted icon to pass the malicious file off as a PDF; the icon and the visible name are both attacker-controlled, so only the real extension and the file's actual content are trustworthy. This type of attack highlights the importance of phishing education and training, as well as implementing backup solutions in the event that a variant like this unleashes a ransomware infection.

Threat actors continue to attack IoT devices – While it didn't make WatchGuard's top 10 malware list for Q1, the Linux.Ngioweb.B variant has recently been used by adversaries to target IoT devices. The first version of this sample targeted Linux servers running WordPress, arriving initially as an Executable and Linkable Format (ELF) binary. Another version of this malware turns the IoT devices into a botnet with rotating command and control servers.

Network attacks surge more than 20% – WatchGuard appliances detected more than 4 million network attacks, a 21% increase compared to the previous quarter and the highest volume since early 2018. Corporate servers and assets on site are still high-value targets for attackers despite the shift to remote and hybrid work, so organisations must maintain perimeter security alongside user-focused protections.

An old directory traversal attack technique makes a comeback – WatchGuard detected a new threat signature in Q1 that involves a directory traversal attack via cabinet (CAB) files, a Microsoft-designed archival format intended for lossless data compression and embedded digital certificates. In an archive-based traversal, entry names containing path components such as ".." cause the extractor to write files outside the directory it intended to unpack into. A new addition to WatchGuard's top 10 network attacks list, this exploit either tricks users into opening a malicious CAB file through conventional lures, or spoofs a network-connected printer so that users install a printer driver delivered in a malicious CAB file.
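The Zmutzy file-name trick and the CAB directory traversal above are both cases of an archive attachment that should be triaged before anyone opens or extracts it. The following is an added example, not code from WatchGuard or from the report: it uses a zip file as a stand-in for both the zipped email attachment and the CAB container, and it constructs its own sample entries (no real specimen is embedded). It checks three things per entry: a name that imitates a document (the page's comma-for-period trick, generalised here to double extensions and the right-to-left override character), an entry path that would escape the extraction directory, and a mismatch between the file's magic bytes and its extension. The extraction directory `/tmp/extract` and the short magic-byte table are assumptions for the demo.

```python
"""Triage an untrusted archive attachment before anyone opens or extracts it.

Three checks, one per question the findings raise:
  1. deceptive_name():    does the entry name imitate a document ("Invoice,pdf.exe")?
  2. escapes_directory(): would extracting the entry write outside the target folder?
  3. content_type():      do the file's first bytes agree with its extension?
"""
import io
import posixpath
import re
import zipfile

# Extensions Windows will execute no matter what icon the file shows.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".ps1", ".hta", ".msi", ".dll", ".lnk"}
# Document types an attacker wants the victim to "see" in the name.
DOC_TOKENS = ("pdf", "docx", "doc", "xlsx", "xls", "txt", "jpg")
# Leading bytes -> file type (assumption: this short table is enough for the demo).
MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable",
         b"%PDF": "PDF document", b"PK\x03\x04": "ZIP container"}


def real_extension(name):
    """The extension the OS actually acts on: the text after the last dot."""
    return posixpath.splitext(posixpath.basename(name))[1].lower()


def deceptive_name(name):
    """Return why the name looks like a document-disguised executable, or None."""
    base = posixpath.basename(name)
    if "\u202e" in base:                      # right-to-left override hides the true extension
        return "right-to-left override character in file name"
    ext = real_extension(base)
    if ext not in EXECUTABLE_EXTS:
        return None
    stem = base[:-len(ext)].lower()
    # "invoice_2021,pdf.exe": a comma (or similar) stands in for the dot of a fake extension.
    m = re.search(r"([,;\s_-]+)(" + "|".join(DOC_TOKENS) + r")$", stem)
    if m:
        return f"separator {m.group(1)!r} before '{m.group(2)}' imitates a .{m.group(2)} extension"
    # "invoice.pdf.exe": classic double extension.
    for token in DOC_TOKENS:
        if stem.endswith("." + token):
            return f"double extension .{token}{ext}"
    return None


def escapes_directory(entry_name, dest="/tmp/extract"):
    """True if extracting entry_name under dest could write outside dest."""
    norm = entry_name.replace("\\", "/")
    if norm.startswith("/") or re.match(r"^[A-Za-z]:", norm):
        return True                           # absolute or drive-letter path
    dest = posixpath.normpath(dest)
    target = posixpath.normpath(posixpath.join(dest, norm))
    return posixpath.commonpath([dest, target]) != dest


def content_type(head):
    """Classify a file by its first bytes, ignoring name and icon entirely."""
    for sig, label in MAGIC.items():
        if head.startswith(sig):
            return label
    return "unknown"


def triage_archive(data):
    """Return (entry_name, finding) pairs for every suspicious entry in a zip blob."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if escapes_directory(name):
                findings.append((name, "entry path escapes the extraction directory"))
            reason = deceptive_name(name)
            if reason:
                findings.append((name, reason))
            with zf.open(info) as fh:
                kind = content_type(fh.read(8))
            if "executable" in kind and real_extension(name) not in EXECUTABLE_EXTS:
                findings.append((name, f"content is a {kind} but name says "
                                       f"{real_extension(name) or 'no extension'}"))
    return findings


def build_sample_archive():
    """Constructed sample (not a real specimen): one entry per check plus a clean one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2021,pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)   # comma-for-period trick
        zf.writestr("../../Startup/helper.dll", b"MZ" + b"\x00" * 30)       # traversal path
        zf.writestr("readme.txt", b"MZ" + b"\x00" * 30)                     # executable content, benign name
        zf.writestr("report.pdf", b"%PDF-1.7\n%clean\n")                    # clean
    return buf.getvalue()


if __name__ == "__main__":
    for entry, finding in triage_archive(build_sample_archive()):
        print(f"{entry!r}: {finding}")
```

Running the block prints three findings for the four constructed entries: the comma-for-period name, the traversal path, and the `.txt` file whose content starts with the PE `MZ` header; `report.pdf` passes. The traversal check normalises the joined path and compares it against the destination with `posixpath.commonpath`, which is the check any archive extractor should perform before writing, whatever the container format.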

Hafnium zero days provide lessons on threat tactics and response best practices – Last quarter, Microsoft reported that adversaries used the four Hafnium vulnerabilities in various Exchange Server versions to gain full, unauthenticated system remote code execution and arbitrary file-write access to any unpatched server exposed to the Internet, as most email servers are. WatchGuard incident analysis dives into the vulnerabilities and highlights the importance of HTTPS inspection, timely patching and replacing legacy systems.

Attackers co-opt legitimate domains in cryptomining campaigns – In Q1, WatchGuard’s DNSWatch service blocked several compromised and outright malicious domains associated with cryptomining threats. Cryptominer malware has become increasingly popular due to recent price spikes in the cryptocurrency market and the ease with which threat actors can siphon resources from unsuspecting victims.

WatchGuard’s quarterly research reports are based on anonymised Firebox Feed data from active WatchGuard Fireboxes whose owners have opted in to share data to support the Threat Lab’s research efforts. In Q1, WatchGuard blocked a total of more than 17.2 million malware variants (461 per device) and nearly 4.2 million network threats (113 per device). The full report includes details on additional malware and network trends from Q1 2021, a detailed analysis of the Hafnium Microsoft Exchange Server exploits, critical defence tips for readers, and more.

Read WatchGuard’s complete Q1 2021 Internet Security Report here.

About WatchGuard Technologies

WatchGuard Technologies is a global leader in network security, secure Wi-Fi, multi-factor authentication, advanced endpoint protection, and network intelligence. The company’s award-winning products and services are trusted around the world by nearly 18,000 security resellers and service providers to protect more than 250,000 customers. WatchGuard’s mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for midmarket businesses and distributed enterprises. The company is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.
