By Corey Nachreiner, Chief Security Officer, WatchGuard Technologies
Cybersecurity threats continue to grow every year, with hackers consistently staying one step ahead through increasingly sophisticated, targeted attacks. Compounding that, for many organizations the shift to a hybrid workforce has dramatically increased the attack surface, offering more ways than ever for the bad guys to get in. To provide some insight into the threat landscape, each quarter WatchGuard Technologies’ Threat Lab releases an Internet Security Report (ISR) based on threat intelligence and security expertise, outlining the top malware trends and network security threats over the previous three months.
Our most recent report, which looks at Q4 2021, revealed a record number of evasive malware attacks for the quarter, with a 33% increase in advanced threats, as well as the largest total network intrusion detections of any quarter over the past three years. So, let’s take a look at some of the key takeaways from this year’s report:
Total network attack detections continue to climb, highlighting the complexity of network security – The trajectory of network intrusion detections continued its upward climb with the largest total detections of any quarter in the last three years. This also represented a 39% increase quarter over quarter. This may be due to the continued targeting of old vulnerabilities as well as the growth in organizations’ networks; as new devices come online and old vulnerabilities remain unpatched, network security is becoming more complex.
Malware threats were detected in EMEA at a much higher rate than other regions in the world – Europe, the Middle East and Africa were also the regions most targeted by malware threats in Q4. In fact, EMEA saw malware detections per Firebox (49%) at near or above double the rate as other regions of the world (AMER 23% and APAC 29%).
78% of malware delivered via encrypted connections is evasive – Overall, 67% of malware detections arrived over an encrypted connection, and within those malware detections, 78% were zero day malware threats that evade basic detections. This continues a trend seen in previous quarters. These threats can often be stopped at the perimeter by setting firewalls to decrypt and scan incoming traffic – a step that, unfortunately, many organizations fail to take.
A new leader in Office exploit malware emerges – Q4 saw a significant incidence of malware targeting Office documents, similar to findings from Q3. CVE-2018-0802 remains on the top 10 malware list, landing at number 5 this quarter, up one spot from last quarter, and remains on the most widespread malware list. Researchers suspect this may have replaced CVE-2017-11882 as the top Office exploit.
Emotet comes back with a vengeance – Two new malware domains were added this quarter to the list of top malware domains detected by WatchGuard. One of these domains, Skyprobar[.]info, has been linked to Emotet, the banking trojan that has evolved into a C2 and distribution infrastructure malware for other payloads. After diminishing due in part to direct disruption by US law enforcement, the Emotet malware saw a resurgence in Q4 2021.
In Q4 the Threat Lab saw the highest level of zero day threats the team has ever recorded, as well as an attack surface reaching well outside the network perimeter to home networks, mobile phones, smart devices, and more. This clearly demonstrates that attackers are getting more sophisticated and threats are becoming more damaging. To address this, organizations must implement a truly unified approach to security that is able to adjust quickly and efficiently in the face of emerging threats. By wrapping security services into a simple, “single pane of glass” strategy, organizations and casual Internet users alike can stay a step ahead of threat actors and significantly lower the chance of an attack.
About the Author
Corey Nachreiner is the Chief Security Officer at WatchGuard Technologies. A front-line cybersecurity expert for nearly two decades, Corey regularly contributes to security publications and speaks internationally at leading industry trade shows like RSA. He has written thousands of security alerts and educational articles and is the primary contributor to the Secplicity Community, which provides daily videos and content on the latest security threats, news and best practices. A Certified Information Systems Security Professional (CISSP), Corey enjoys “modding” any technical gizmo he can get his hands on and considers himself a hacker in the old sense of the word. Corey can be reached at https://www.watchguard.com.
;
We are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.