
WatchGuard Finds Explosion of Attacks Targeting Leading Web Conference Solution

March 2019 by WatchGuard® Technologies

Network attacks targeting a vulnerability in the Cisco Webex
Chrome extension have increased dramatically, according to WatchGuard® Technologies.
In the company's latest Internet Security Report, covering the last quarter of 2018,
these attacks were the second-most common network attack. The vulnerability was first
disclosed and patched in 2017 and attacks were almost non-existent in early 2018, but
WatchGuard detections grew by over 7,000 percent from Q3 to Q4.

The report also shows that phishing campaigns saw a dangerous increase in
sophistication, with new attacks using advanced methods including threatening to
release recordings of users visiting adult content online, customising emails for
specific targets and creating fake banking login web pages. Based on data from tens
of thousands of active WatchGuard Firebox appliances around the world, a new
sextortion phishing attack was the second-most common attack detected in Q4 2018. It
accounted for almost half of the unique malware hashes detected, because the email
phishing message is tailored to each recipient. The message claims the sender has
infected the victim’s computer with a trojan and recorded them visiting adult
websites, threatening to send these compromising images to their email contacts
unless they pay a ransom.

“There was a noticeable increase in advanced phishing attacks targeting high-value
information,” said Corey Nachreiner, CTO at WatchGuard Technologies. “Now more
than ever, it’s vital for businesses to take the layered approach to security and
deploy solutions that offer DNS-level filtering designed to detect and block
potentially dangerous connections and automatically refer employees to resources
that bolster phishing awareness and prevention. A combination of security controls
and human training will help businesses avoid becoming hooked by phishing
attacks.”

The other top findings from the report include:
- 16.5 percent of all Fireboxes were targeted by CoinHive cryptominer –
The most widespread malware variant in Q4 came from the popular CoinHive cryptominer
family, showing that cryptomining remains a popular attack type. Two of the top ten
most common pieces of malware detected were also cryptominers.
- A major phishing attack leverages a fake bank page – Another widespread
piece of malware in Q4 sent a phishing email with a fake, but highly realistic Wells
Fargo login page to capture victim emails and passwords. Overall, WatchGuard saw a
rise in sophisticated phishing attacks targeting banking credentials.
- One ISP’s filtering error routed Google traffic through Russia and
China for 74 minutes – The report includes a technical analysis of a Border
Gateway Protocol (BGP) hijack in November 2018 that inadvertently sent most of
Google’s traffic through Russia and China for a short time. WatchGuard found that
a Nigerian ISP called MainOne made a mistake in their routing filters, which then
spread to Russian and Chinese ISPs and caused much of Google’s traffic to be
routed through these ISPs unnecessarily. This accidental hijack highlights the
underlying insecure standards that the internet is based on. A sophisticated attack
targeting these flaws could have potentially catastrophic consequences.
- Network attacks rise after historic lows in mid-2018 – Network attacks
rose 46 percent by volume and 167 percent in terms of unique signature hits in Q4
compared to Q3 2018. This follows a trend seen in previous years with attacks
ramping up during the holiday season.

The 2018 Q4 ISR also includes a granular analysis of source code for the Exobot
banking trojan. This highly sophisticated malware attempts to steal banking and
financial information from Android devices. The WatchGuard Threat Lab’s analysis
includes a list of the 150 sites, such as Amazon, Facebook, PayPal and Western Union,
that Exobot can automatically target, as well as a detailed look at the UI an
attacker using Exobot would use to push commands to infected devices.

The insights, research and security best practices included in WatchGuard’s
quarterly Internet Security Report help organisations of all sizes understand the
current cyber security landscape and better protect themselves, their partners and
customers from emerging security threats.

The findings are based on anonymised Firebox Feed data from over 42,000 active
WatchGuard UTM appliances worldwide. In total, these Fireboxes blocked over 16
million malware variants (382 per device) and approximately 1,244,000 network
attacks (29 per device) in Q4 2018.

For more information, download the full report here:
https://www.watchguard.com/wgrd-resource-center/security-report-q4-2018.

