Surge in encrypted malware prompts warning about detection strategies

29 Jun 2020

WatchGuard Technologies’ Q1 2020 Internet Security Report has shown a massive surge in malware delivery over encrypted connections, highlighting what could become the next most common attack vector after phishing emails.

According to the report, 67% of all malware in the quarter was delivered over HTTPS encrypted connections. Furthermore, 72% of the malware was zero-day malware, meaning there is no identifiable signature that signature-based security platforms can detect.

“If you are not decrypting and scanning your secure web connections, you are likely missing a large majority of malware,” the report states.

The Flawed-Ammyy and Cryxos malware variants took the top spots on WatchGuard’s top five encrypted malware list. Cryxos is delivered as an email attachment disguised as an invoice; it asks the user to enter their email address and password, which it then stores.

The report states, “Filling out the form doesn’t lead you to any file or page, but it does send the username and password to a compromised WordPress site where the attacking server stores the input.”

Flawed-Ammyy is a support scam where the attacker uses the Ammyy Admin support software to gain remote access to the victim’s computer.

The report states, “As always, never download files from an untrusted source. Also, know what a Microsoft scam looks like. Microsoft will never call you first and will never give a phone number to call with an error.”

Other top malware variants include Lnkr, an encrypted malware that places ads on websites and hides from Chrome.

“Some organisations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” comments WatchGuard’s chief technology officer, Corey Nachreiner.

“As malware continues to become more advanced and evasive, the only reliable approach to defense is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Findings are taken from anonymised Firebox Feed data from active WatchGuard appliances whose owners have opted in to share data to support the Threat Lab’s research efforts.

WatchGuard says that today, more than 44,000 appliances worldwide contribute threat intelligence data to the report. In Q1 2020, the appliances collectively blocked more than 32,148,519 malware variants in total (730 samples per device) and more than 1,660,000 network attacks (38 attacks per device).
