SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
WatchGuard report tracks rise of network attacks in Q3
Fri, 18th Dec 2020
FYI, this story is more than a year old

WatchGuard's Q3 2020 Internet Security Report has called to attention the rise in attacks on corporate networks, even as many organisations shifted to remote work.

According to the report, WatchGuard observed more than 3.3 million network attacks in the quarter, a 90% rise quarter-on-quarter.  The report also notes that these are the highest attack levels in two years. Unique network attack signatures have also grown, reaching a two-year high.

Network attacks targeting countries in the Asia and Pacific regions were up for the second quarter in a row, mirroring the broader global rise in network attacks. These figures illustrate that organisations must prioritise corporate network security, even when workers are more remote than ever before.

Attackers are also preying on the fears that led to the mass adoption of remote working. In Q3, a COVID-19 adware campaign running on websites used for legitimate pandemic support purposes made WatchGuard's Top 10 Compromised Websites list. In another case, a phishing attack tried to fake an email and login page by the United Nations as attackers played on fears about COVID-19.

Security threats unrelated to COVID-19 also continue to flood in. According to the report, over 50% of malicious files are classed as zero-day malware, which means that signature-based solutions may not be able to detect them.

“Over half the malware we saw in Q3 can bypass basic signature-based malware protection, even if you scan encrypted traffic. With over six million detections this quarter, network and security administrators must use other layers of anti-malware services to block these threats,” the report notes.

In Q3, WatchGuard's DNSWatch service blocked a combined 2,764,736 malicious domain connections ( 499 blocked connections per organisation in total).  That means each organisation would have reached 262 malware domains, 71 compromised websites, and 52 phishing campaigns.

“As the impact of COVID-19 continues to unfold, our threat intelligence provides key insight into how attackers are adjusting their tactics,” comments WatchGuard chief technology officer Corey Nachreiner. 
“While there's no such thing as ‘the new normal' when it comes to security, businesses can be sure that increasing protection for both the endpoint and the network will be a priority in 2021 and beyond. It will also be important to establish a layered approach to information security, with services that can mitigate evasive and encrypted attacks, sophisticated phishing campaigns and more.”

WatchGuard's quarterly research reports are based on anonymised Firebox Feed data from active WatchGuard appliances. Appliance owners have opted in to share data.