Cybercriminals increasingly are targeting midsize companies with massive increases in scripting attacks and overall malware attempts, according to the latest quarterly security report by WatchGuard Technologies.
The report is based on Firebox Feed data from nearly 30,000 active WatchGuard unified threat management (UTM) appliances globally. The findings reinforce expectations of continued growth of new malware and various attack techniques in the coming months, further emphasizing the importance of layered security and advanced threat prevention solutions.
“A challenge that I’ve heard from IT product and service providers is that they sell a security solution – like traditional, signature-based antivirus – only to later learn that their customer was still hit with ransomware or a malware infection,” he said. “Today, the channel has newer anti-malware offerings that use proactive detection techniques, such as behavioral analysis, or machine learning. It’s more difficult for malware to evade these newer solutions. I recommend the channel take advantage of our findings to sell more advanced malware-detection solutions or renew legacy antivirus technologies with options that can better protect their customers.”
Scripting threats account for 68 percent of all malware. The sum total of these script-based attacks accounted for the vast majority of the malware detected last quarter.
Total malware instances spiked by 81 percent during the third quarter and malware attempts likely will increase dramatically this quarter as well, WatchGuard said.
Cross-site scripting (XSS) attacks, which allow cybercriminals to inject malicious script into victims’ sites, continue to grow at a measured pace. Previous reports showed XSS attacks confined to Spain, but in the third quarter, attacks broadly affected every country.
Legacy antivirus (AV) missed only 24 percent of new malware, according to the report. Over the past three quarters, signature-based AV has missed malware at increasing rates, peaking at nearly 47 percent in in the second quarter. However, the third quarter was a marked improvement with only 23.8 percent of new or zero-day malware able to circumvent AV.
Attackers are continuing to evolve how they leverage the HTML iframe tag to force unsuspecting victims to suspicious, and often malicious sites, WatchGuard said. While potentially malicious iframes showed up everywhere, including in the United States and Canada, their numbers jumped significantly in both the United Kingdom and Germany.
Attacks targeting authentication and credentials, like Mimikatz, returned in a big way during the third quarter. Aside from Mimikatz, web login attempts were also highly visible, proving that attackers are continuing to target the weakest link — credentials.
“(The channel) should build additional professional service offerings around security solutions,” Nachreiner said. “The channel is already selling SMB customers multifunction security appliances to solve all their security needs quickly. However, some small organizations don’t even have the time to maintain and monitor these appliances. Monitoring can help incident teams quickly respond to any security issue that does make it through your defenses. More IT channel partners should consider wrapping their own security services around the products they offer. Security audits and penetration testing, as well as 24/7 MDR monitoring services are an obvious start. These sorts of offers not only help the customer, but with more margin in services, they can help the channel continue to grow their business.”