In a nutshell: A new report from WatchGuard Technologies reveals how nearly all malware is arriving via HTTPS-encrypted connections. The firm’s latest quarterly Internet Security Report also highlights noticeable increases in fileless malware, as well as network and ransomware attacks.
The network security company said that in Q2 2021, 91.5% of malware arrived over an encrypted connection. It added that any company not examining encrypted HTTPS traffic at the perimeter will miss out on 9/10 of all malware. The data is derived from the firm’s own active WatchGuard Fireboxes.
“With much of the world still firmly operating in a mobile or hybrid workforce model, the traditional network perimeter doesn’t always factor into the cybersecurity defence equation,” said Corey Nachreiner, chief security officer at WatchGuard.
Ransomware attacks were decreasing between 2018 and 2020, but during just the first half of 2021, attacks equaled the total amount seen in 2020. Thus, this year’s volume is expected to increase by over 150% compared to 2020.
WatchGuard blocked more than 16.6 million malware variants (438 per device) and nearly 5.2 million network threats (137 per device). The report also shows how even though malware attacks experienced a small 3.8% decline in Q2, threat actors have taken advantage of hybrid work models by targeting malware towards both remote users at home and office infrastructure.
The increase in the use of malware has targeted Microsoft Exchange servers and generic email users to download remote access trojans (RATs) in “highly sensitive locations,” with the reason most likely attributed to the workforce and learners returning to hybrid offices and academic environments.
Additionally, Microsoft Office continues to be a popular malware target. Debuting on top of the 10 most-widespread network attacks list, the 2017 RCE vulnerability affects Microsoft browsers. “Though it may be an old exploit and patched in most systems (hopefully), those that have yet to patch are in for a rude awakening if an attacker is able to get to it before they do,” the report warns.
Despite remote workforces becoming more commonplace, WatchGuard detected an increase in network attacks, rising by 22% to 5.1 million compared to a million fewer during Q1. The statistics show “an aggressive course that highlights the growing importance of maintaining perimeter security alongside user-focused protections.”
A new threat report from Eset, meanwhile, detailed how hackers are turning up their efforts for guessing passwords. Between May and August 2021, the security firm detected 55 billion new brute-force attacks focused on public-facing RDP (Remote Desktop Protocol) services, a 104% increase compared to the 27 billion attacks carried out during the first four months of 2021. Attackers are exploiting the opportunity because of the increase in remote working; the pandemic has led to much of the workforce utilizing remote-desktop services.
https://www.techspot.com/news/91520-majority-malware-occurs-https-encrypted-connections.html
