Network attacks increased in the third quarter, WatchGuard says

According to a new report, one network attack focused on the same vulnerability that was exploited in the Equifax data breach from September 2017.


Keeping up with the latest tactics and tricks from cyber criminals is a challenging process, especially as the level of certain threats seems to keep rising from quarter to quarter.

The number of network attacks jumped in the third quarter, as described on Wednesday in WatchGuard Technologies’ “Internet Security Report for Q3 2019.”


For the quarter, network attacks increased by 8% compared to the second quarter of 2019.

One of the top 10 most “popular” network attacks that WatchGuard saw last quarter exploits a vulnerability found in the open-source Apache Struts web application framework, the same vulnerability used in the Equifax data breach from September 2017.

More specifically, cyber criminals exploit the Apache Struts 2 remote code execution vulnerability, installing Python or crafting a custom HTTP request with just a few lines of code, to gain shell access to an exposed system.

Other threats analyzed for the quarter made use of two additional vulnerabilities in Apache Struts, a reminder that web administrators should patch security vulnerabilities as quickly as possible.

WatchGuard provided good and bad news in the area of malware. The good news? The total number of malware detections decreased by 4% from the second quarter. The bad news? The number was a huge jump of 60% from the third quarter of 2018.

In particular, zero-day malware instances accounted for half of all malware detections in the last quarter, an increase of around 38% in the past quarters.

This shows that half of all malware attacks in the third quarter could bypass traditional signature-based security solutions, indicating the need for more layered security methods.

Microsoft Office remains another frequently exploited product. Two malware variants on WatchGuard’s Top 10 list target Office products.

Both attacks were mainly carried out via e-mail, meaning that organizations should focus on training and education to help users learn to identify phishing e-mails and messages with malicious attachments.

Cyber criminals also seem to be using legitimate penetration testing tools for nefarious purposes. Two of the malware variants WatchGuard reported used Kali Linux penetration testing tools.

One variant, called Boxter, is a PowerShell trojan that is used to download and install unwanted programs on a user’s device without permission. The other, known as Hacktool.JQ, was the only other authentication attack tool besides Mimikatz that appeared on WatchGuard’s list.

Researchers were unsure whether the increase in this type of detection was due to legitimate penetration testing activities or malicious attackers using readily available open source tools.

Either way, organizations should continue to use anti-malware services to protect their data, they said.

Finally, malware attacks on the Americas rose considerably. More than 42% of such attacks were carried out on organizations and users in North, Central and South America, compared to only 27% in the second quarter.

WatchGuard was unclear about the specific reasons, but organizations in these regions should be aware of this trend, it said.

The findings in WatchGuard’s “Internet Security Report for Q3 2019” are derived from anonymized Firebox Feed data from active WatchGuard Unified Threat Management devices whose owners have agreed to share data. More than 37,000 devices worldwide contributed threat information to the report.
