Friday, 5th June 2020

Explosion in evasive malware

Report finds macOS adware and 2017 Excel exploit running rampant and includes analysis of keylogger malware used in coronavirus-related phishing attacks.

WatchGuard® Technologies’latest Internet Security Reportshows that evasive malware has grown to recordhigh levels, with over two-thirds of malware detected by its Firebox security appliances in Q4 2019evading signature-based antivirus solutions. This is a dramatic increase from the year-long average of 35% for 2019 and points to the fact that obfuscated or evasive malware is becoming the rule, not the exception. Companies of all sizes need to deploy advanced anti-malware solutions that can detect and block these attacks.


In addition, WatchGuard found widespread phishing campaigns exploitinga Microsoft Excel vulnerability from 2017. This ‘dropper’ exploit was number seven on WatchGuard’s top ten malware list and heavily targeted the UK, Germany and New Zealand. It downloads several other types of malware onto victims’ systems, including a keylogger named Agent Tesla that was used in phishing attacks in February 2020 that preyed on early fears of the coronavirus outbreak.

“Our findings from Q4 2019 show that threat actors are always evolving their attack methods,” said Corey Nachreiner, chief technology officer at WatchGuard. “With over two-thirds of malware in the wild obfuscated to sneak past signature-based defenses, and innovations like Mac adware on the rise, businesses of all sizes need to invest inmultiple layers of security.Advanced AI or behavioural-based anti-malware technology and robust phishing protection like DNS filtering will be especially crucial.”

WatchGuard’s Internet Security Reportprepares businesses, service providers and end users with the data, trends, research and best practices they need to defend against today’s security threats. Other key findings from the Q4 2019report include:

  • Mac adware jumps in popularity in Q4– One of the top compromised websites WatchGuard detected in Q4 2019 hosts a macOS adware called Bundlore that masquerades as an Adobe Flash update. This lines up with aMalwareBytes reportfromFebruary 2020 that showed a rise in Mac malware, particularly adware.
  • SQL injection attacks became the top network attack in 2019 – SQL injection attacks rose an enormous 8000% in total between 2018 and 2019, becoming the most common network attack of the year by a significant margin.
  • Hackers increasingly using automated malware distribution – Many attacks hit 70 to 80 percent of all Fireboxes in a single country, suggesting attackersare automating their attacksmore frequently.

The findings included in WatchGuard’sInternet Security Reportare drawn fromanonymised Firebox Feed data from active WatchGuard UTM appliances whose owners have opted into share data to support the Threat Lab’s research efforts. Today, over40,000 appliances worldwide contribute threat intelligence data to the report. In Q4 2019, theyblocked over 34,500,000malware variants in total (859.5 samples per device) and approximately1,879,000 network attacks (47 attacks per device).

The complete report also includes key defensive best practices that organisations of all sizes can use to protect themselves in today’s threat landscape and a detailed analysis the MageCart JavaScript malware used in the Macy’s payment card data breach inOctober 2019.

SentinelOne has been chosen as the official cybersecurity provider to British luxury car manufacture...
Joint customers can now instantly monitor, analyse, detect and respond to insider threats.
ExtraHop has formed a partnership with CrowdStrike, a leader in cloud-delivered endpoint protection....
WatchGuard partners to realise immediate value from Panda Security’s advanced endpoint detection and...
Global technology provider Arrow Electronics has formed a Pan-European distribution agreement with c...
Zscaler has acquired Edgewise Networks, a pioneer in securing application-to-application communicati...
External attacks on cloud accounts grew 630 percent from January to April.
New research from email security firm Tessian reveals how risky remote working behaviors pose increa...