SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
WatchGuard report: 30% of all malware isn’t caught by legacy AV
Mon, 8th May 2017

WatchGuard's latest Quarterly Internet Security Report says that 30% of malware attacks are new or zero day exploits, which means antivirus solutions that rely on previous signatures are missing a huge chunk of the cyber threat landscape.

The Quarterly Internet Security Report, based on analytics from WatchGuard's Threat Lab, looks at the latest security and network threats affecting small businesses and enterprises.

In Q4 2016, WatchGuard blocked 30.4 million network attacks and 18.7 million malware variants.

The APAC region fared reasonably well, accounting for 6% of malware attacks and 1% of network attacks. However, all of the top ten Word macro malware variants primarily affected China and the United States.

“Our Threat Lab has been monitoring the most prevalent security industry threats and trends for years and now with the addition of the Firebox Feed—anonymised threat analytics from Fireboxes deployed around the world—we have firsthand, acute insight into the evolution of cyber attacks and how threat actors are behaving,” comments WatchGuard CTO Corey Nachreiner.

The report found that 30% of malware is new and undetected by legacy AV solutions, which shows that cyber criminals' ability to hide or repack their creations is outpacing the security industry's efforts to keep up with them.

WatchGuard says that without an advanced threat protection solution, organisations would fail to detect a third of all malware.

Here are some of the major trends from the Quarterly Internet Security Report:

  • Macro-based malware is still doing the rounds. This includes spear-phishing emails that include documents with malicious macros. Attackers have also included Microsoft's new document format as part of their arsenal.
  • Attackers are looking at banks as popular targets for evasive malware. They're also using malicious web shells and PHP shells to hijack web servers.
  • JavaScript is still highly vulnerable, as it is still a popular malware delivery platform for exploit kits. WatchGuard says its Firebox Feed saw a jump in malicious JavaScript across email and the web.
  • Network attacks are going after web services and browsers - 73% of attacks target web browsers in drive-by downloads.
  • Trojans are increasingly going after IoT devices running Linux systems.
  • The Mirai botnet attacks showed that IoT devices should never be connected directly to the internet.

So how do organisations protect against attacks? WatchGuard has some basic tips.

  • Keep security best practices and firewalls in addition to more advanced threat protection
  • Consumers should only buy IoT devices from manufacturers who consider security. IoT devices should also be kept up to date with the latest firmware and software
  • Use layered, Kill Chain defences to protect against all possible attack vectors and stages
  • Educate employees about the latest security threats - such as Office documents loaded with malicious macros
  • Choose an advanced malware prevention solution, such as WatchGuard APT Blocker. 