WatchGuard quarterly security report: login details targeted by cyber criminals

WatchGuard, a leader in advanced network security solutions, has announced the results of its quarterly Internet security report, which examines the latest computer and network security threats affecting small and medium-sized businesses (SMB) and distributed enterprises. The report reveals that 47% of all malware is new or zero-day and contains a comprehensive analysis of WannaCry. The Q2 2017 findings show that the use of criminal tools to gain access to login credentials is increasing, and that the volume is at a record level, because 47% of all malware is entirely new or zero-day code. Signature-based systems are completely ineffective against this type of threat.

Corey Nachreiner, head of technology at WatchGuard Technologies, comments on the findings of the report:

Data collected from Fireboxes in Q2 shows that the authors of the threats have focused more on stolen login data than ever before. From JavaScript-enabled phishing attacks and attempts to steal Linux passwords, through intensive attacks on Web servers, a common theme is access to login data for criminals. Knowing this, companies need to protect vulnerable servers, seriously consider compound authentication, train users to identify phishing attacks and deploy advanced solutions for the prevention of risks in order to protect valuable data.

Key findings from the Q2 2017 report

Mimikatz is responsible for 36% of the top malware. The popular open-source tool Mimikatz, used to steal information and data, was included for the first time this quarter in the list of the 10 most harmful programs. Mimikatz, often used to steal Windows login data, appeared with such high frequency that it was the most common malicious software in the second quarter. This new addition to the group of the most common malware variants indicates that attackers constantly change tactics.

Phishing attacks contain malicious JavaScript in order to confuse users. For several quarters, attackers have used JavaScript code against victims in Web and email attacks. In the second quarter, attackers used JavaScript in HTML attachments to phishing emails that mimic the login pages of popular, legitimate sites, such as Google, Microsoft and others, to encourage users to hand over their credentials.

Linux passwords targeted in Northern Europe. Cyber criminals used an old vulnerability in Linux applications to direct attacks designed to steal passwords at several of the Nordic countries and the Netherlands. More than 75% of the attacks that exploit this flaw to access the /etc/passwd file targeted Norway (62.7%) and Finland (14.4%). With such a large number of incoming attacks, users should update servers and devices running GNU/Linux as a basic precaution.

The growth of brute-force attacks on Web servers. This summer, attackers used automated tools against Web servers to compromise user credentials. Together with an increased incidence of attacks against Web-based authentication in Q2, the risks associated with logging in to Web servers were among the 10 largest network attacks.

Almost half of all malicious software is able to bypass existing AV solutions. At 47 percent, the growing share of new or zero-day malware means that existing antivirus software is losing effectiveness. The data show that old-style signature-based software is becoming less effective at detecting new types of threats. This only confirms the need for solutions that work on the principle of behavioral analysis.

The WatchGuard Internet security report is based on anonymous data from over 33,500 active WatchGuard UTM Firebox devices worldwide. Overall, these devices blocked over 16 million variants of malicious software in Q2, an average of 488 samples blocked by each device.

APT Blocker stopped almost 5.5 million variants of malicious software.

During the quarter, the WatchGuard Gateway AV solution stopped nearly 11 million malware variants (a 35% increase compared to Q1), while APT Blocker detected an additional 5,484,320 malware variants (a 53% increase compared to the first quarter). In addition, WatchGuard Firebox devices stopped nearly three million network attacks in the second quarter.




We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.