No advanced threat protection means companies can miss a third of malware

News by Danielle Correa

The new Quarterly WatchGuard Security Report reviews top network and malware trends and offers advice on how to better protect your organisation.

Thirty percent of malware can be classified as new or zero-day because it cannot be caught by legacy antivirus (AV) solutions.

WatchGuard's new Quarterly Internet Security Report reveals that cyber-criminals' capability to automatically repack or morph their malware has outpaced the AV industry's ability to keep up with new signatures. Therefore, without advanced threat protection, companies could be missing up to a third of malware.

The findings of the report are based on anonymised data from WatchGuard's 24,000 active unified threat management appliances worldwide.

“We have firsthand, acute insight into the evolution of cyber-attacks and how threat actors are behaving,” claimed Corey Nachreiner, chief technology officer at WatchGuard Technologies. “Each quarter, our report will marry new data with original research and analysis of major information security events to reveal key threat trends and provide defence best practices.”

Macro-based malware is still prevalent despite being an old threat. Spear-phishing attempts were found to still rely on malicious macros hidden in files.

A rise in malicious JavaScript has been detected, both in email and over the web, showing that JavaScript is a popular malware delivery and obfuscation mechanism.  

Exploit kits (EKs) are also a popular malware delivery mechanism. It's likely they account for the prevalence of malicious JavaScript.

Most network attacks target web services and browsers, with 73 percent of the top attacks targeting web browsers in drive-by download attacks.

All of the top ten exploits were web-based attacks and the top network attack was Remote Code Execution that targets Internet Explorer.

A significant number of Linux-based Trojans were observed, likely connected with IoT attacks.

Nation-state hackers use hacking tools similar to those of criminals, but with more sophisticated obfuscation and evasion techniques.

“With ransomware attempts and malicious websites dominating the headlines along with cyber-attacks such as the Mirai Botnet, the SWIFT banking attacks and alleged Russian interference in the US presidential election, it was a busy quarter for cyber-criminals. The insight trends, research and security tips in our Quarterly Internet Security Reports are designed to help companies stay educated and vigilant in such a dynamic threat landscape,” said Jonathan Whitley, sales director for Northern Europe at WatchGuard.
