New Research Shows Surge in Malicious Office Documents, Mac Malware and Web Application Exploits
June 2019 by WatchGuard® Technologies
WatchGuard® Technologies’ latest quarterly Internet Security Report shows a massive 62% increase in overall malware detections in Q1 2019 compared to the previous quarter. The report also found that cyber criminals are leveraging a wide array of varied attack techniques, including malicious Microsoft Office documents, Mac malware and web application exploits. These results illustrate that hackers are doubling down on well-known tactics like credential theft and ransomware by utilising fake Office documents and other attack vectors that require advanced defences to combat a wider variety of threat vectors.
More than 17% of WatchGuard Fireboxes blocked malicious Office documents, with two threats in this category making it into WatchGuard’s most widespread malware list, and one in the top 10 malware attacks by volume. Over half of these malicious documents were blocked in EMEA. The advice to users is to avoid interacting with unsolicited Office documents and consider any attachments that seek to enable macros as a threat.
“The key findings from this latest report illustrate the importance of layered security protections in today’s advanced threat landscape,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “Whether it be DNS-level filtering to block connections to malicious websites and phishing attempts, intrusion prevention services to ward off web application attacks, or multi-factor authentication to prevent attacks leveraging compromised credentials – it’s clear that modern cyber criminals are leveraging a bevy of diverse attack methods. The best way for organisations to protect themselves is with a unified security platform that offers a comprehensive range of security services.”
WatchGuard’s Internet Security Report is designed to provide the threat intelligence, research and security best practices organisations need to defend against online adversaries and better protect their data. Other key findings from the Q1 2019 report include:
· Mac OS malware on the rise – Mac malware first appeared on WatchGuard’s top 10 malware list in Q3 2018, and now two variants have become prevalent enough to make the list in Q1 2019. This increase in Mac-based malware further debunks the myth that Macs are immune to viruses and malware and reinforces the importance of advanced threat protection for all devices and systems.
· Web application exploits soar – Despite a decrease in the overall volume of network attacks, web application attacks grew significantly. WatchGuard’s IPS service caught attackers exploiting many cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities – both popular methods for credential theft. Two SQLi attacks made it onto WatchGuard’s top 10 network attacks list, while one web XSS attack accounted for more than 10% of network attacks on the top 10 list overall.
· DNS filtering blocks more than 5 million malicious sites – WatchGuard’s DNSWatch service successfully prevented 5,192,883 attempted visits to nefarious destinations, blocking over half a million connections to known malware-hosting domains, 187,101 connections to compromised websites and 61,096 connections to known phishing sites. Compromised websites can be difficult to identify and block, so DNS-level filtering is critical to prevent users from unknowingly falling victim to malware infections, credential theft or botnet command and control systems.
· Fileless malware stakes its claim – Fileless threats appeared in both WatchGuard’s top 10 malware and top 10 network attack lists. On the malware side, a PowerShell-based code injection attack showed up in the top 10 list for the first time, while the popular fileless backdoor tool, Meterpreter, made its first appearance in the top 10 list of network attacks too. This trend further demonstrates cyber criminals’ continued focus on utilising this evasive threat category.
· Mimikatz malware skyrockets by 73%, remains the #1 threat – Accounting for 20.6% of all malware found in Q1, this popular open source tool is often used for password theft and represents a major driver behind many network infiltrations. Mimikatz is a mainstay on WatchGuard’s top 10 malware list, which highlights the importance of using lengthy, complex passwords unique to each individual account. Furthermore, with cyber criminals’ persistent focus on credential theft, organisations of all sizes should consider adopting multi-factor authentication solutions in order to prevent bad actors from compromising legitimate user accounts.
WatchGuard’s Internet Security Report is based on anonymised Firebox Feed data from a subset of active WatchGuard UTM appliances whose owners have opted in to data-sharing to support the Threat Lab’s research efforts. Today, 42,372 appliances throughout the world contribute to the Internet Security Report data pool. In total, those appliances blocked more than 23,884,979 malware variants, at a rate of 564 samples blocked per device. Additionally, those Firebox appliances prevented 989,759 network attacks (23 per device).
The complete report explores the most impactful malware and attack trends from Q1 2019, a detailed analysis of the historic “51% attack” against the cryptocurrency Ethereum Classic (ETC) that resulted in $1.1 million in loses, and cyber security advice readers can use to better protect themselves and their organizations.
For more information, download the full report here: https://www.watchguard.com/wgrd-res...