At sixth place, Mac-based malware makes its debut in the top ten most common types of malware in WatchGuard’s quarterly Internet Security Report, primarily delivered by emails tricking victims into installing fake cleaning software - while separately Malwarebytes finds a crypto-miner targeting Macs (see bottom of story).
Another finding from the WatchGuard report is that 6.8 percent of the world’s top 100,000 websites still accept old, insecure versions of the SSL encryption protocol. It also found an increase in attacks in the Asia Pacific region, which saw more malware hits in 2018 than in any other region.
Most attackers were found to stick to what they know by reusing and modifying old attacks like cross-site scripting, Mimikatz and cryptominers, explained Corey Nachreiner, CTO at WatchGuard Technologies, who adds: "It’s a good reminder that the vast majority of attacks aren’t ultra-advanced zero-days and can be prevented by using a layered security approach with advanced malware detection capabilities and investing in secure Wi-Fi and MFA solutions."
However, he also expressed concern at how many major websites still support the insecure SSL protocol. "This is a basic security best practice that should be implemented across 99.9 percent of the internet by now – it puts hundreds of thousands of users at risk."
Key takeaways from the Q3 2018 report include:
6.8 percent of the top 100,000 websites still support old, insecure versions of the SSL protocol. Although the Internet Engineering Task Force deprecated SSL 2.0 in 2011 and SSL 3.0 in 2015, 5,383 of the Alexa top 100,000 websites still accept SSL 2.0 and SSL 3.0 connections.
Also, 20.9 percent of the top 100,000 websites still do not use web encryption at all.
Mac malware is in the top ten for the first time ever. A piece of Mac scareware appeared in sixth place; primarily delivered by email, it tries to trick victims into installing fake cleaning software.
Hackers target APAC. APAC reported more total malware hits than EMEA or the USA. Top variants included Razy, which targeted APAC almost exclusively, Win32/Heur and MAC.OSX.AMCleanerCA.
Cryptominers remain popular. Razy, the second most common piece of malware detected, evolved into a cryptominer in Q3 and made up four percent of all malware blocked worldwide by WatchGuard’s antivirus service.
Mimikatz remains the most popular malware in Q3. This popular password theft kit has dominated WatchGuard’s top ten malware list for multiple quarters and shows no sign of slowing down.
Attackers go after web applications with cross-site scripting. Cross-site scripting accounted for 39.3 percent of the top ten exploits in Q3, primarily targeting web applications.
These findings are based on anonymised Firebox UTM Feed data from over 40,000 active WatchGuard UTM appliances worldwide and are reported to cover the major malware campaigns, network attacks and security threats targeting midmarket businesses and distributed enterprises.
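As an added illustration that is not part of the WatchGuard report or this article: the first takeaway above is about servers that still answer a handshake in SSL 2.0 or SSL 3.0, and the simplest way to confirm that from a defender's side is to look at the version the server announces in its first handshake message. The Python below parses a server's SERVER-HELLO / ServerHello bytes (for instance from a packet capture), recovers the negotiated version and flags the two deprecated SSL versions. It handles the SSL 2.0 record format, the SSL 3.0/TLS record format and the TLS 1.3 supported_versions extension; the sample handshake bytes are constructed for this example, and the RFC numbers in the comments are the IETF documents that deprecated the two protocols.

```python
"""Classify the protocol version a server announces in its first handshake message.

Example code written for this article, not the report's own tooling. Input is the
raw bytes of a SERVER-HELLO (SSL 2.0) or ServerHello (SSL 3.0 / TLS) record.
"""
import struct

VERSION_NAMES = {
    (0, 2): "SSL 2.0",
    (3, 0): "SSL 3.0",
    (3, 1): "TLS 1.0",
    (3, 2): "TLS 1.1",
    (3, 3): "TLS 1.2",
    (3, 4): "TLS 1.3",
}
# Deprecated by the IETF: RFC 6176 (SSL 2.0, 2011) and RFC 7568 (SSL 3.0, 2015).
DEPRECATED = {(0, 2), (3, 0)}


def _result(code):
    return {
        "version": VERSION_NAMES.get(code, "unknown %d.%d" % code),
        "code": code,
        "deprecated": code in DEPRECATED,
    }


def parse_server_hello(data: bytes) -> dict:
    """Return {'version': name, 'code': (major, minor), 'deprecated': bool}."""
    if len(data) < 2:
        raise ValueError("too short to be a handshake record")

    # SSL 2.0 record: high bit of the first byte set, 2-byte header, no content type.
    if data[0] & 0x80:
        body = data[2:2 + (((data[0] & 0x7F) << 8) | data[1])]
        if len(body) < 5 or body[0] != 0x04:          # 4 = SERVER-HELLO in SSL 2.0
            raise ValueError("not an SSL 2.0 SERVER-HELLO")
        return _result((body[3], body[4]))            # SERVER-VERSION-MSB, -LSB

    # SSL 3.0 / TLS record: content type 0x16 (handshake), 2-byte version, 2-byte length.
    if data[0] != 0x16 or len(data) < 9:
        raise ValueError("not an SSL 3.0/TLS handshake record")
    rec_len = struct.unpack("!H", data[3:5])[0]
    hs = data[5:5 + rec_len]
    if hs[0] != 0x02:                                 # 2 = ServerHello
        raise ValueError("handshake message is not a ServerHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    code = (body[0], body[1])                         # legacy server_version field
    pos = 2 + 32                                      # skip the 32-byte random
    sid_len = body[pos]
    pos += 1 + sid_len                                # session_id
    pos += 2 + 1                                      # cipher_suite, compression_method
    if pos < len(body):                               # extensions block present
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, ext_data_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            # TLS 1.3 keeps 0x0303 in the legacy field and puts the real
            # selected version in supported_versions (type 43).
            if ext_type == 0x002B and ext_data_len == 2:
                code = (body[pos], body[pos + 1])
            pos += ext_data_len
    return _result(code)


def _tls_server_hello(version: bytes, extensions: bytes = b"") -> bytes:
    """Build a minimal constructed ServerHello record (zero random, empty session id)."""
    body = version + b"\x00" * 32 + b"\x00" + b"\x00\x2f" + b"\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + version + struct.pack("!H", len(hs)) + hs


# Constructed sample replies, one per protocol generation.
SAMPLES = {
    "sslv2": b"\x80\x0b" + b"\x04\x00\x01\x00\x02" + b"\x00\x00" * 3,
    "sslv3": _tls_server_hello(b"\x03\x00"),
    "tls12": _tls_server_hello(b"\x03\x03"),
    "tls13": _tls_server_hello(b"\x03\x03", b"\x00\x2b\x00\x02\x03\x04"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        r = parse_server_hello(raw)
        flag = "DEPRECATED - should be disabled" if r["deprecated"] else "ok"
        print(f"{name}: {r['version']} ({flag})")
```

The parser works on captured bytes rather than opening a socket because current OpenSSL builds no longer speak SSL 2.0 at all and ship with SSL 3.0 disabled, so a scanner written on top of the standard TLS library cannot itself produce the handshake being checked for; reading the server's reply to whatever client did connect sidesteps that. On the server side the fix is the one the report implies: remove SSL 2.0 and SSL 3.0 from the accepted protocol list and allow TLS 1.2 or later only.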
Separately, Malwarebytes reports finding a cryptomining Trojan it has named OSX.DarthMiner, which targets MacOS systems. In a blog post the company explains that OSX.DarthMiner is essentially a script that combines two open-source tools – the EmPyre backdoor and the XMRig cryptominer – to mine cryptocurrency. Malwarebytes reports that OSX.DarthMiner was offered for download as a program for stealing software, so it is likely that victims were fooled into installing it themselves.