WatchGuard Threat Lab Reports 91.5% of Malware Arrived Over Encrypted Connections in Q2 2021
SEATTLE, September 30, 2021 (GLOBE NEWSWIRE) – WatchGuard® Technologies, a global leader in network security and intelligence, advanced endpoint protection, multi-factor authentication (MFA) and secure Wi-Fi, today released its latest quarterly Internet Security Report, detailing the top malware trends and network security threats analyzed by WatchGuard Threat Lab researchers during the second quarter of 2021. The report also includes new insights based on endpoint threat information detected during the first half of 2021. Key research findings revealed an astonishing 91.5% rate of malware arriving over HTTPS encrypted connections, alarming surges in fileless malware threats, dramatic growth in ransomware, sharp increases in network attacks and much more. “While much of the world still operates firmly in a mobile or hybrid workforce model, the traditional network perimeter is not always factored into the cybersecurity defense equation,” said Corey Nachreiner, director of security at WatchGuard. “While strong perimeter defense is always an important part of a layered security approach, enhanced Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) are becoming more essential.” Among its most notable findings, WatchGuard’s Q2 2021 Internet Security Report reveals:
Massive amounts of malware arrive via encrypted connections – In the second quarter, 91.5% of malware arrived over an encrypted connection, a dramatic increase from the previous quarter. Simply put, any organization that doesn’t inspect encrypted HTTPS traffic at the perimeter is missing nine-tenths of all malware.

Malware uses PowerShell tools to bypass powerful protections – AMSI.Disable.A first appeared in WatchGuard’s top malware section in the first quarter and rose again this quarter, reaching second on the list by volume and first among all encrypted threats. This malware family uses PowerShell tools to exploit various vulnerabilities in Windows, but what makes it particularly interesting is its evasion technique. WatchGuard found that AMSI.Disable.A uses code capable of disabling the Antimalware Scan Interface (AMSI) in PowerShell, allowing it to bypass script security checks and deliver its malware payload undetected.

Fileless threats are skyrocketing and becoming even more evasive – In the first six months of 2021, malware detections from scripting engines like PowerShell had already reached 80% of last year’s total volume of script-initiated attacks, which itself was a substantial increase over the year before. At the current rate, 2021 fileless malware detections are on track to double in volume year over year.

Network attacks reached their highest volume since early 2018 – The first quarter saw nearly 4.1 million network attacks. In the second quarter, that number jumped by another million, setting an aggressive course that highlights the growing importance of maintaining perimeter security alongside user-centric protections.

The ransomware trend seen from 2018 to 2020 came to a halt in the first half of 2021, with the six-month total of ransomware detections falling just short of the full-year 2020 total. If daily ransomware detections hold steady through the end of 2021, this year’s volume will exceed 2020’s by more than 150%.
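The AMSI finding above is a detection problem as much as a prevention one: a script that switches AMSI off still has to be logged before it runs. The following Python is an added example (not WatchGuard’s code and not taken from the report) showing a defender-side heuristic over PowerShell script block log records. The record shape mirrors the fields of Windows PowerShell event ID 4104 (ScriptBlockText), the sample records are constructed for this example, the reflected field name is redacted, and the indicator and tamper-token lists are assumptions drawn from common detection practice rather than anything the report states.

```python
"""Heuristic detection of AMSI tampering in PowerShell script block logs.

Added example, not WatchGuard's or the report's code. Records are assumed to
carry the fields of Windows PowerShell event ID 4104; all sample data below is
constructed, and the reflected field name is redacted as <redacted>.
"""
import re

# Names that only appear in scripts that interact with the AMSI machinery itself
# (assumed indicator list; tune to your environment).
AMSI_INDICATORS = ("amsiutils", "amsiscanbuffer", "amsiinitfailed", "amsi.dll")

# Tokens showing the script reaches into non-public runtime state or native
# memory, which distinguishes tampering from merely mentioning AMSI.
TAMPER_TOKENS = ("getfield", "setvalue", "nonpublic", "virtualprotect", "getprocaddress")

# Matches the glue between concatenated string fragments: 'Am' + 'si'
_CONCAT = re.compile(r"""['"]\s*\+\s*['"]""")


def normalize(script: str) -> str:
    """Lower-case, drop whitespace and collapse simple string-concatenation
    obfuscation so that 'Am'+'si'+'Utils' compares equal to 'AmsiUtils'."""
    collapsed = _CONCAT.sub("", script)
    return re.sub(r"\s+", "", collapsed).lower()


def classify(script: str) -> list:
    """Return the matched indicators and tamper tokens, or [] when the block
    does not look like AMSI tampering. Both an AMSI name and a tamper token
    must be present, so a log message that merely says 'AMSI' is not flagged."""
    text = normalize(script)
    amsi_hits = [i for i in AMSI_INDICATORS if i in text]
    tamper_hits = [t for t in TAMPER_TOKENS if t in text]
    if amsi_hits and tamper_hits:
        return amsi_hits + tamper_hits
    return []


def scan_script_blocks(records) -> list:
    """Run classify() over 4104 records; return [(RecordId, reasons), ...]."""
    findings = []
    for rec in records:
        if rec.get("EventID") != 4104:  # only script block logging events
            continue
        reasons = classify(rec["ScriptBlockText"])
        if reasons:
            findings.append((rec["RecordId"], reasons))
    return findings


# Constructed sample log records (not real telemetry).
SAMPLE_RECORDS = [
    {"RecordId": 1, "EventID": 4104,
     "ScriptBlockText": "Get-Process | Where-Object { $_.CPU -gt 100 }"},
    {"RecordId": 2, "EventID": 4104,
     "ScriptBlockText": 'Write-Host "AMSI is enabled on this host"'},
    {"RecordId": 3, "EventID": 4104,
     "ScriptBlockText": "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils')"
                        ".GetField('<redacted>','NonPublic,Static').SetValue($null,$true)"},
    {"RecordId": 4, "EventID": 4104,  # same thing, split-string obfuscated
     "ScriptBlockText": "[Ref].Assembly.GetType('System.Management.Automation.'+'Amsi'+'Utils')"
                        ".GetField('<redacted>','Non'+'Public,Static').SetValue($null,$true)"},
    {"RecordId": 5, "EventID": 4103,  # pipeline event, not a script block: ignored
     "ScriptBlockText": "AmsiUtils GetField"},
]

if __name__ == "__main__":
    for record_id, reasons in scan_script_blocks(SAMPLE_RECORDS):
        print(f"record {record_id}: possible AMSI tampering ({', '.join(reasons)})")
```

Record 2 shows why the rule requires both an AMSI name and a tamper token, and record 4 shows the value of normalizing before matching. The normalization only handles split-string concatenation; anything more elaborate (format operators, base64 blobs decoded at runtime) would need a decoding step first, which is why script block logging, which records the block after PowerShell has resolved it, is the right place to look rather than the raw command line.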
Big game ransomware eclipses shotgun blast attacks – The attack on Colonial Pipeline on May 7, 2021 made it frighteningly clear that ransomware as a threat is here to stay. As the major security incident of the quarter, the breach highlights how cybercriminals are not only putting the most vital services – such as hospitals, industrial control and infrastructure – in their sights, but also appear to be stepping up attacks against those high-value targets. WatchGuard’s incident analysis examines the fallout, what the future of critical infrastructure security looks like, and the steps organizations in any industry can take to defend against these attacks and slow their spread.

Whereas previous quarterly reports saw two new signatures, there were four new signatures among WatchGuard’s top 10 network attacks for the second quarter. Notably, the most recent was a 2020 vulnerability in the popular PHP web scripting language, but the other three are not new at all: a 2011 Oracle GlassFish Server vulnerability, a 2013 SQL injection flaw in the OpenEMR medical records application, and a 2017 remote code execution (RCE) vulnerability in Microsoft Edge. Although dated, all still present risks if left unpatched.

Microsoft Office-based threats persist in popularity – The second quarter saw another addition to the list of the 10 most common network attacks, and it debuted at the top. The signature, 1133630, is the aforementioned 2017 RCE vulnerability affecting Microsoft browsers. While this is an old exploit and patched on most systems (hopefully), those that haven’t yet been patched are in for a rude awakening if an attacker reaches them first. In fact, a very similar high-severity RCE vulnerability, identified as CVE-2021-40444, made headlines earlier this month when it was actively exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers.
Desktop-based threats continue to be popular when it comes to malware, so these proven attacks keep turning up in the wild. Fortunately, they are still caught by proven IPS defenses.

Phishing domains masquerade as legitimate and widely recognized domains – WatchGuard recently observed an increase in the use of malware targeting Microsoft Exchange servers and generic email users to download remote access Trojans (RATs) in highly sensitive locations. This is most likely tied to a second consecutive quarter in which workers and remote learners returned either to hybrid office and academic environments or to the on-site business routines that were once normal. In any case, or location, strong security awareness and monitoring of outbound communications on devices that are not necessarily connected directly to the network is advised.
WatchGuard’s quarterly research reports are based on anonymized Firebox Feed data from active WatchGuard Fireboxes whose owners have chosen to share data to directly support Threat Lab research efforts. In the second quarter, WatchGuard blocked a total of over 16.6 million malware variants (438 per device) and nearly 5.2 million network threats (137 per device). The full report includes details on additional malware and network trends from Q2 2021, even more in-depth analysis of endpoint threats detected in H1 2021, recommended security strategies and defense tips for businesses of all sizes and in all industries, and more. For a detailed view of WatchGuard’s research, read the full Q2 2021 Internet Security Report here: https://www.watchguard.com/wgrd-resource-center/security-report-q2-2021
About WatchGuard Technologies, Inc.
WatchGuard® Technologies, Inc. is a global leader in network security, endpoint security, secure Wi-Fi, multi-factor authentication, and network intelligence. The company’s award-winning products and services are trusted by more than 18,000 resellers and security service providers around the world to protect more than 250,000 customers. WatchGuard’s mission is to make enterprise-grade security accessible to businesses of all types and sizes through simplicity, making WatchGuard an ideal solution for midsize and distributed enterprises. The company is headquartered in Seattle, Washington, and has offices in North America, Europe, Asia-Pacific and Latin America. To learn more, visit WatchGuard.com.
For more information, promotions and updates, follow WatchGuard on Twitter (@WatchGuard), on Facebook, or on the LinkedIn Company page. Also visit our InfoSec blog, Secplicity, for real-time information on the latest threats and how to deal with them at www.secplicity.org. Subscribe to The 443 – Security Simplified podcast at Secplicity.org, or wherever you find your favorite podcasts.
WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are the property of their respective owners.
Copyright 2021 GlobeNewswire, Inc.