Security Report: Network attacks at a three-year high


The recently published Internet Security Report from WatchGuard Technologies shows a clear concentration of malware in Europe for the period from October to December 2021. In the EMEA region, the number of detected malware-based threats was almost double that in the rest of the world.

In this context, however, the quality of the threats is again notable. The researchers at the WatchGuard Threat Lab, who identify and analyze the most important attack trends every three months based on anonymized feed data from Firebox appliances deployed worldwide, observed a 33 percent increase in particularly insidious "evasive malware" variants. This significantly increases the risk posed by zero-day threats.

Rise in zero-day threats

"On the corporate side, the ongoing shift towards a decentralized workforce is creating more and more potential security gaps that need to be closed," says Corey Nachreiner, Chief Security Officer at WatchGuard Technologies, summarizing the current challenge facing many companies: "Given the highest, depending on the number of zero-day threats recorded and an attack surface that now extends far beyond the traditional network perimeter to IoT, home networks and mobile devices, it has become almost indispensable for companies to pursue a holistic and uniform security concept. It must also be possible to adapt this quickly and efficiently to a rapidly changing threat landscape at any time. Regular updates and patches for the systems used are a minimum requirement in this context. They are among the simplest and at the same time most important measures to stop hackers."

Key findings of the Internet Security Report

  • The continuously increasing number of attacks underpins the complexity of the requirements when it comes to network security - Network breaches continue to rise steadily and the number of events detected reached a three-year high in the last quarter of 2021 - up 39 percent quarter-on-quarter. This can be attributed not least to the fact that old vulnerabilities are still being exploited. Added to this is the further expansion of corporate networks, which of course increases the attack surface.
  • 78 percent of malware transmitted over encrypted connections are evasive variants that are undetectable by signature-based security solutions – A total of 67 percent of the identified malware used encrypted connections to spread. 78 percent of these were evasive, zero-day malware threats that elude traditional detection methods. This continues a trend that has already been observed in previous quarters. Such threats could often be stopped at the perimeter by firewalls set to decrypt and scan all incoming traffic. In the ranks of many companies, however, corresponding measures have still not been implemented.
  • New Leader in Office Exploit Malware Emerges - Q4, consistent with the previous quarter, saw a significant incidence of malware targeting Office documents and exploiting vulnerabilities. The malware detected in connection with the CVE-2018-0802 vulnerability, which was extremely widespread in Q4 2021, even climbed one place on the top 10 malware list and reached position 5 this time. The researchers suspect that this vulnerability has replaced the previously leading "CVE-2017-11882" vulnerability as the leading Office exploit.
  • Emotet is back - Two new domains were added to WatchGuard's list of top malware domains this quarter. One of them, Skyprobar[.]info, is linked to the Emotet banking Trojan, which recently developed into a gateway for various malware payloads via command-and-control infrastructures. After the law enforcement authorities of several countries managed to overturn the underlying structures at the beginning of 2021, Emotet was initially quiet - until the revival in the fourth quarter of 2021.

WatchGuard Q4 2021 Internet Security Reports

All of these findings in WatchGuard's quarterly research report are based on de-identified Firebox Feed data from active WatchGuard Fireboxes whose owners have consented to the sharing of data to support the Threat Lab's research. In Q4 2021, WatchGuard blocked a total of more than 23.9 million malware variants (313 per device) and approximately 5.9 million network threats (75 per device). In addition to the diverse insights into the malware and network trends from the fourth quarter of 2021, the full report also contains a detailed analysis of the Log4Shell vulnerability, adequate information on recommended security strategies and important defense tips for companies of all sizes and industries.

More at WatchGuard.com

 


About WatchGuard

WatchGuard Technologies is one of the leading providers in the field of IT security. The extensive product portfolio ranges from highly developed UTM (Unified Threat Management) and next-generation firewall platforms to multifactor authentication and technologies for comprehensive WLAN protection and endpoint protection, as well as other specific products and intelligent services relating to IT security. More than 250,000 customers worldwide rely on the sophisticated protection mechanisms at enterprise level,

