WatchGuard report: 30% of all malware isn’t caught by legacy AV

08 May 2017

WatchGuard’s latest Quarterly Internet Security Report says that 30% of malware attacks are new or zero day exploits, which means antivirus solutions that rely on previous signatures are missing a huge chunk of the cyber threat landscape.

The Quarterly Internet report, based on analytics from WatchGuard's Threat Lab, looks at the latest security and network threats affecting small businesses and enterprises. 

In Q4 2016, WatchGuard blocked 30.4 million network attacks and 18.7 million malware variants.

The APAC region fared reasonably well, accounting for 6% of malware attacks and 1% of network attacks. However, all of the top ten Word macro malware variants primarily affected China and the United States.

“Our Threat Lab has been monitoring the most prevalent security industry threats and trends for years and now with the addition of the Firebox Feed—anonymised threat analytics from Fireboxes deployed around the world—we have firsthand, acute insight into the evolution of cyber attacks and how threat actors are behaving,” comments WatchGuard CTO Corey Nachreiner.

Because 30% of malware is new and undetected by legacy AV solutions, the report concludes that cyber criminals’ ability to hide or repack their creations is outpacing the security industry’s efforts to keep up with them.

WatchGuard says that without an advanced threat protection solution, organisations would fail to detect a third of all malware. 

Here are some of the major trends from the Quarterly Internet Security Report:

  • Macro-based malware is still doing the rounds. These include spear-phishing emails carrying documents with malicious macros. Attackers have also added Microsoft’s new document format to their arsenal.
  • Attackers are looking at banks as popular targets for evasive malware. They're also using malicious web shells and PHP shells to hijack web servers.
  • JavaScript is still highly vulnerable, as it is still a popular malware delivery platform for exploit kits. WatchGuard says its Firebox feed saw a jump (STATS) in malicious JavaScript across email and the web.
  • Network attacks are going after web services and browsers - 73% of attacks target web browsers in drive-by downloads.
  • Trojans are increasingly going after IoT devices running Linux systems.
  • The Mirai botnet attacks showed that IoT devices should never be connected directly to the internet.

So how do organisations protect against attacks? WatchGuard has some basic tips.

  • Keep security best practices and firewalls in addition to more advanced threat protection
  • Consumers should only buy IoT devices from manufacturers who consider security. IoT devices should also be kept up to date with the latest firmware and software
  • Use layered, Kill Chain defences to protect against all possible attack vectors and stages
  • Educate employees about the latest security threats - such as Office documents loaded with malicious macros
  • Choose an advanced malware prevention solution, such as WatchGuard APT Blocker. 

Want to find out more? Download the full report here.
