Malware Has Increased By 64%

Uploaded on 2019-10-10 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The most common domains that attackers use to host malware and launch phishing attacks include several subdomains of legitimate sites and content delivery networks. 

These sites include CloudFlare.net which belongs to Amazon, SharePoint and Amazonaws.com, along with a number of legitimate file-sharing websites, according to WatchGuard who have completed a report on these problems. 

The research shows that year-on-year malware volume has increased by 64% and that it is increasingly targeting Europe and APAC

The report highlights that modules from the popular Kali Linux penetration testing tool made the top ten malware list for the first time in Q2 2019.

WatchGuard 2019 Internet Security Report highlights:

  • Zero-day malware accounted for 38% of all malware detections, within a few percentage points of the previous two quarters.
  • Overall    malware detections trended down around 5% this quarter compared to Q1 2019. 
  • Malware is still up 64% compared to Q2 2018.
  • DNSWatch blocked multiple campaigns that used 
  • Content Delivery Networks (CDNs) to host browser-hijacking malware. 
  • In Q2 2019, there was an increased overlap between the most-widespread malware detection affecting individual networks and the most prolific malware by volume, with three threats found in both lists.
  • The EMEA region saw the most malware detections per Firebox, with APAC in a close second and AMER bringing up the rear. This is almost the perfect opposite to the previous quarter.
  • Multiple popular backdoor shell scripts, used by both penetration testers and cyber criminals, showed up in top malware attacks. 
  • 11% of the sextortion (sexual extortion) phishing emails associated with Trojan.Phishing.MH targeted Japan
  • Network attacks more than doubled from Q1 to Q2. This was the largest percent increase we’ve seen since 2017.
  • In Q2 2019, WatchGuard Fireboxes blocked 22,619,836 malware variants (549 per device) across all three anti-malware engines and 2,265,425 network attacks (60 per device).
  • 4 Trojan.GenericKD, which covers a family of malware that creates a backdoor to a command-and-control server, and backdoor.Small.DT, a web shell script used to create backdoors on web servers, were sixth and seventh on the list. 

The research shows that malware volume increased by 64% annually and that it is increasingly targeting Europe and the APAC region.

According to WatchGuard ,  nearly 37% of malware targeted the EMEA region, with several individual attacks focusing on the UK, Italy and Germany in Q2 2019. APAC came in second, targeted by 36% of overall malware attacks. In particular, the Razy and Trojan.Phishing. MH malware variants primarily targeted the APAC region, with 11% of Trojan.Phishing.MH detections found in Japan.

“This edition of the Internet Security Report exposes the gritty details of the methods hackers use to sneak malware or phishing emails onto networks by hiding them on legitimate content hosting domains,” said Corey Nachreiner, CTO at WatchGuard Technologies. 

“Luckily there are several ways to defend against this, including DNS-level filtering to block connections to known malicious websites, advanced anti-malware services, multi-factor authentication to prevent attacks leveraging compromised credentials, and training to help employees recognise phishing emails......No one defence will prevent every attack, so the best way for organisations to protect themselves is with a unified security platform that offers multiple layered security services.”

Widespread Phishing and Office Exploit Malware Increases
Two pieces of malware, a phishing attack that threatens to release fake compromising information on the victim and a Microsoft Office exploit, that appeared on the most widespread malware list in Q1 2019 and Q4 2018 have graduated to the top ten list by volume. This illustrates that these campaigns are on the rise and are sending a high volume of attacks at a wide range of targets. Users should update Office regularly and invest in anti-phishing and DNS filtering security solutions.

SQL injection dominates Network Attacks
SQL injection attacks made up 34% of all network attacks detected in Q2 2019 and have increased significantly in volume year-over-year. One specific attack increased over 29,000% from Q2 2018 to Q2 2019.

Anyone who maintains a SQL database, or a web server with access to one, should patch systems regularly and invest in a web application firewall.

The Report also contains a detailed analysis of the actual malware used in the Sodinokibi MSP ransomware attacks. 
 WatchGuard’s research shows that the attackers leveraged weak, stolen, or leaked credentials to gain administrative access to legitimate management tools that these MSPs used to monitor and manage their clients’ networks, then used these tools to disable security controls and stage and deliver the Sodinokibi ransomware via PowerShell.

Help Net Security:         WatchGuard

You Might Also Read:

A New Era Of Malware:

 

 

 

 


 

 

« UK Announces Plans For A Workforce Cyber Security Audit
USA and Britain Agree To Share Crime Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Indelible Data

Indelible Data

Indelible Data is an established information security and technology consultancy and a Cyber Essentials Certification Body.

Mellanox Technologies

Mellanox Technologies

Mellanox Technologies is a leading supplier of end-to-end Ethernet and InfiniBand intelligent interconnect solutions and services for servers, storage, and hyper-converged infrastructure.

Rockwell Automation

Rockwell Automation

Rockwell Automation offer industrial security solutions to protect the integrity and availability of your complex automation solutions.

SRI International

SRI International

SRI International is a research institute performing client-sponsored R&D in a broad range of study areas including computing and cybersecurity.

Sopra Steria

Sopra Steria

Sopra Steria is a leading European information technology consultancy.

UL Solutions

UL Solutions

UL Solutions is a safety, security and compliance consulting and certification company. Areas covered include cyber security.

Seavus

Seavus

Seavus is a software development and consulting company with a proven track-record in providing successful enterprise-wide business solutions including Managed Security Services.

Network Integrated Business Solutions (NIBS)

Network Integrated Business Solutions (NIBS)

NIBS is an IT services provider offering a range of services with the aim of simplifying and securing technology.

Cloud Managed Networks

Cloud Managed Networks

Cloud Managed Networks provides enterprise grade IT network solutions for cloud-based and on premise network security, Wi-Fi, data switching, collaboration, device management and more.

ACROS Security

ACROS Security

ACROS Security is a leading provider of security research, real penetration testing and code review for customers with the highest security requirements.

CyberSwarm

CyberSwarm

CyberSwarm is developing a neuromorphic System-on-a-Chip dedicated to cybersecurity which helps organizations secure communication between connected devices and protect critical business assets.

DarkLight

DarkLight

DarkLight is a cybersecurity platform that mimics human thinking at scale to build resiliency to Advanced Persistent Threats.

Carve Systems

Carve Systems

Carve Systems was founded to bring enterprise level information security, training, and risk management services to organizations of any size and industry.

Rostelecom Solar

Rostelecom Solar

Rostelecom-Solar is a Cyber Security Company, providing software and managed detection and response (MDR) services to protect critical information from advanced cyber threats.

OpenAVN (DefenseArk)

OpenAVN (DefenseArk)

Defending your life online, keeping your data safe and private. We detect digital threats magnitudes faster than the leading antivirus software.

RedLegg

RedLegg

RedLegg is a master provider of information security services, a boutique, nimble, old-fashioned customer service company that enjoys the technology battlefield.