Network security in Q4 2017: more and more macro viruses and zero-day malware

WatchGuard has released another report on network security, covering Q4 2017. Among its most important findings, threat data from the Firebox appliances protecting small and medium-sized businesses (SMBs) and distributed enterprises around the world shows that the number of malware attacks increased by 33 percent and that cybercriminals are increasingly using Microsoft Office documents to deliver malware.

WatchGuard's Internet Security Report provides a quarterly update on the most common security threats currently targeting companies, together with key strategies they can use to protect employees and clients against data theft.

The most important conclusions from the report for the fourth quarter of 2017

Cybercriminals used malicious Office documents to deceive victims

Dynamic Data Exchange (DDE) attacks were among the top ten malware variants seen by WatchGuard in the fourth quarter, as attackers increasingly abused weaknesses in this Microsoft Office feature to execute code. Also known as "malware-free malware", these malicious documents often use PowerShell and an obfuscated script to bypass network security. In addition, two of the ten most common network attacks in the fourth quarter involved Microsoft Office exploits, further emphasizing the growing trend of attacks delivered through malicious documents.

General malware attacks have increased significantly, while zero-day malware has increased by 167 percent

WatchGuard Fireboxes blocked more than 30 million malware variants in the fourth quarter, a 33 percent increase over the previous quarter. Of the total number of threats blocked in the fourth quarter, the number of new or zero-day malware instances rose sharply, by 167 percent compared to the third quarter. This increase is likely attributable to heightened criminal activity during the holiday season.

Almost half of all malware was not recognized by basic antivirus (AV) solutions

WatchGuard Fireboxes block malicious software using both signature-based detection and a modern, proactive behavioral detection solution, APT Blocker. When APT Blocker detects a malware variant, it means that legacy signature-based AV has missed it. Such zero-day malware accounted for 46 percent of all malware in the fourth quarter. This level of growth suggests that criminals are using more sophisticated obfuscation techniques capable of slipping attacks past traditional AV, further underlining the importance of behavioral defenses.

Attacks using scripts account for 48 percent of malicious software

Script-based attacks captured by signatures for JavaScript and Visual Basic Script, such as downloaders and droppers, accounted for the majority of malware detected in the fourth quarter. Users should take into account the continued popularity of these attacks and be wary of malicious scripts on websites and in e-mail attachments of all types.

Network security in Q4 2017: the WatchGuard report

The full Internet Security Report includes a description of the most widespread malware and network attacks in the quarter, recommendations on useful defense strategies in today's threat environment, and a detailed analysis of the KRACK attack, one of the most important information security issues of 2017.

In addition, the report includes a new research project from the WatchGuard Threat Lab, which analyzed a database of over 1 billion stolen password records to highlight how often users choose weak passwords and reuse credentials across multiple accounts.

The conclusions for this quarter are based on anonymized Firebox Feed data from nearly 40,000 active WatchGuard firewalls around the world, which blocked over 30 million malware variants (783 per device) and 6.9 million network attacks (178 per device) in the fourth quarter of 2017.


We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.