Zero-day malware, SQL injections rise in Q4 2019

News by Chandu Gopalakrishnan

SQL injection was the major network attack tactic of Q4 2019, with an enormous 8,000 percent rise when compared to Q4 2018, says WatchGuard research

The use of zero-day malware grew sharply during the last three months of 2019, according to WatchGuard Technologies researchers. Fireboxes blocked 34.5 million malware samples in the fourth quarter of 2019, which translates into an all-time high of about 860 malware hits per Firebox.

WatchGuard senior security analyst Marc Laliberte attributes this rise to the easy availability of technology. 

“The increase in malware volume from Q4 2018 to Q4 2019 was substantial, even after taking into account the number of sites reporting into our threat intelligence feed. We think this increase is most likely attributed to just how easy it is for even low skilled attackers to launch their own campaigns,” Laliberte told SC Media UK. 

“It used to be that malicious hackers needed to develop or purchase their own malware payloads and create their own infrastructure for delivery. Nowadays though, with malware-as-a-service running rampant on underground forums, anyone can launch an attack.”

SC Media UK reported this week on newly formed cyber-criminal gangs and threat groups that use commodity malware bought on the black market, or malware that has already been released publicly, to make up for their lack of the expertise or resources needed to create advanced, target-specific malware.

“The other point to note here is that hacking groups from China and Russia use common malware to hide their prime act: create confusion in the market so that they can launch their attack under noise and blame goes to the creator of the old malware,” Kumar Ritesh, chairman and CEO at CYFIRMA, told SC Media UK.

The trend of hanging on to old tools and techniques is evident in the findings of the report. A Microsoft Excel vulnerability from 2017 was the seventh most common piece of malware on WatchGuard's Q4 2019 list. One of the top compromised websites in Q4 2019 hosted the tried and tested macOS adware Bundlore, which poses as an Adobe Flash update.

“Over the last year, and really until just recently, the most widely circulated malware payload we saw was the credential-theft tool Mimikatz. This tool was originally developed for penetration testers but quickly became a staple for cyber-criminals due to its effectiveness at stealing Windows credentials with ease,” Laliberte pointed out.

Fireboxes blocked 1.88 million network attacks in Q4 2019, with an average of 47 attacks per Firebox. SQL injection was the major network attack tactic of Q4 2019, with an enormous 8,000 percent rise when compared to Q4 2018.

“The most likely explanation for the spike in SQL injection this quarter likely involves a new automated tool looking for vulnerable databases exposed to the internet. We often see individual threats spike and drop quarter over quarter in our threat feed as attackers switch their focus to different classes of targets,” explained Laliberte.

Another Q4 2019 trend was the widespread use of automated attacks: large volumes of attacks targeting relatively old vulnerabilities in network-exposed services.

“Cyber-criminals can be reasonably successful going after organisations that have failed to keep their systems and services updated with the latest security patches. That isn’t to say that targeted attacks aren’t a concern though. Attackers have simply shifted their focus to specific verticals like healthcare, local governments and education when it comes to a more focused assault,” noted Laliberte.

Mitigating these threats comes down to the basics, said Laliberte. The ‘Phishing by Industry Benchmarking Report’ by KnowBe4 shows that an average of 37.9 percent of untrained end-users are likely to fall for a phishing or social engineering scam.

“Based on the findings of the KnowBe4 Phishing Benchmark report, across small organisations, healthcare and pharmaceutical organisations had the highest phish-prone percentage at 44.7 percent,” KnowBe4 security awareness advocate Javvad Malik told SC Media UK.

“Within mid-size organisations, construction companies had the highest percentage of phish-prone employees, ranking at 49.7 percent. For the large organisations of 1,000 or more employees, technology companies led the pack with an astounding 55.9 percent, followed by hospitality companies.” 

Many organisations fall into the trap of trying to use technology as the only means of defending their networks and forgetting that the power of human awareness and intervention is paramount in arriving at a highly secured state, observed Malik. As cyber-crime continues to surge, security leaders must understand that there is no such thing as a perfect, fool-proof, impenetrable secure environment, he added.

“It is easy for security professionals to get lost in the details and neglect some basic defenses that could increase their organisation’s security. Basics like phishing awareness training for end users, multi-factor authentication to limit the risk of credential theft, and a layered security approach from the perimeter down to the endpoint are all critical defenses that anyone can deploy before focusing on specific threats,” said Laliberte.
