New research from WatchGuard reveals that 30 percent of malware attacks are zero day exploits
WatchGuard Technologies released the findings of its inaugural quarterly Internet Security Report, which explores the latest computer and network security threats affecting small to midsize businesses (SMBs) and distributed enterprises. The report covers the top network and malware trends from Q4 2016, examines the most notable cyber security stories, details new research from the WatchGuard Threat Lab, and provides practical defense tips for security professionals. The findings in the report are based on anonymized Firebox Feed data from WatchGuard’s active unified threat management (UTM) appliances worldwide.
“We’re incredibly excited to introduce WatchGuard’s Internet Security Report,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “Our Threat Lab has been monitoring the most prevalent security industry threats and trends for years and now with the addition of the Firebox Feed—anonymized threat analytics from Fireboxes deployed around the world—we have firsthand, acute insight into the evolution of cyber attacks and how threat actors are behaving. Each quarter, our report will marry new Firebox Feed data with original research and analysis of major information security events to reveal key threat trends and provide defense best practices.”
With cyber attacks like the Mirai Botnet, the SWIFT banking attacks, and alleged Russian interference in the presidential election, cyber criminals were busy in 2016, and Q4 was no exception. Ransomware attempts through phishing emails and malicious websites dominated the headlines, banks and healthcare organizations were targeted by increasingly devastating attacks, and nation-states continued to target one another with sophisticated cyber attacks.
The insight trends, research and security tips discussed in WatchGuard’s quarterly Internet Security Report are designed to help companies stay educated and vigilant in such a dynamic threat landscape. Here are the top five key findings from the report:
- Approximately 30 percent of malware was classified as new or “zero day” because it was not caught by a legacy antivirus (AV) solution. This confirms that cyber criminals’ capability to automatically repack or morph their malware has outpaced the AV industry’s ability to keep up with new signatures. Without an advanced threat prevention solution, which identifies malware proactively using modern detection techniques, companies would miss almost 1/3 of malware.
- Old threats become new again. First, macro-based malware is still very prevalent. Despite being an old trick, many spear-phishing attempts still include documents with malicious macros, and attackers have adapted their tricks to include Microsoft’s new document format. Second, attackers still use malicious web shells to hijack web servers. PHP shells are alive and well, as nation-state attackers have been evolving this old attack technique with new obfuscation methods.
- Most network attacks target web services and browsers. 73 percent of the top attacks target web browsers in drive-by download attacks.
- The top network attack, Wscript.shell Remote Code Execution, almost entirely affected Germany alone. Breaking it down country by country that attack targeted Germany 99 percent of the time.
WatchGuard’s Internet Security Report is based on anonymized data from more than 24,000 active WatchGuard UTM appliances worldwide. These appliances blocked more than 18.7 million malware variants in Q4, which averages to 758 variants per participating device. They also blocked more than 3 million network attacks in Q4, which averages to 123 attacks per participating device. The report includes a detailed breakdown of the quarter’s top malware and attack trends, the top security incidents, and web and email attack trends. In response to the rapid spread of the Mirai botnet, the WatchGuard Threat Lab has also launched an ongoing research project that analyzes IoT devices for security flaws. The research highlighted in this report evaluated Wi-Fi cameras, fitness accessories and network-enabled novelty devices. This includes a deeper look at vulnerabilities the Threat Lab found in a relatively popular wireless IP camera and steps consumers should take to secure IoT devices they purchase.