This year cyber attackers have narrowed their focus to methods that involve credential theft – whether through malware, phishing or brute force attacks, the end result is a massive uptake in prevalence and sophistication.
WatchGuard’s latest quarterly Internet Security Report analyses threats facing SMBs and enterprises. It found that nearly half (47%) of all malware is able to hide from signature-based AV solutions, and is also ‘new’ or zero-day malware.
The number one malware for the second quarter this year was Mimikatz, an open source credential theft tool used for stealing and replacing Windows credentials.
It accounted for 36% of all malware, and it is the first time it has appeared in the report’s top 10 list.
WatchGuard CTO Corey Nachreiner says that data from the report shows attackers are more focused on credential theft than ever before.
The report also found that brute force attacks are also proving popular for attackers’ quests to gain user credentials. The attacks against web servers use automated tools and work against web servers without protections that monitor failed logins. Automated attacks are able to test thousands of passwords per second.
While brute force attacks were in the top 10 network attacks, network attacks as a whole have dropped 30% compared to Q1.
WatchGuard used anonymised data from its Firebox Feeds across 33,500 appliances. In Q2, appliances blocked more than 16 million malware variants.
“The web continues to be the battleground. As has continued for the third quarter in a row, most if not all the top ten network attack targeted web servers and clients. Adding additional securityservices to your web traffic remains a top priority,” the report concludes.