Cyber Defense eMagazine March Edition for 2022

More documents

Recommendations

Info

Endpoint Malware and Ransomware Volume Already Exceeded 2020 Totals by the End of Q3 2021 By Corey Nachreiner, CSO, WatchGuard Technologies The cybersecurity landscape of today is constantly evolving and threat actors are not far behind as they target users with increasingly sophisticated and complex attacks. To help both professionals and casual Internet users alike better understand the current state of these threats, WatchGuard wanted to share our quarterly Internet Security Report (ISR), which outlines the latest malware and network attacks in Q3 2021. The most shocking statistic from this recent report revealed that the volume of endpoint malware and ransomware exceeded all of 2020 by the end of Q3 2021. The research (done by the Threat Lab) also found that a significant percentage of malware continues to arrive over encrypted connections, as we saw in previous quarters, and much more. While most people continue to work in a hybrid or mobile workforce model, its crucial organizations move beyond a traditional approach to cybersecurity and leverage layered-security approaches and zero-trust. So, let’s take a look at some of the top insights from the Q3 ISR: Cyber Defense eMagazine – March 2022 Edition 36 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
• Nearly half of zero-day malware is now delivered via encrypted connections – While the total amount of zero-day malware increased by a modest 3% to 67.2% in Q3, the percentage of malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. A lower percentage of encrypted zero-days are considered advanced, but it is still concerning given that WatchGuard’s data shows that many organizations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks. • As users upgrade to more recent versions of Microsoft Windows and Office, attackers are focusing on newer vulnerabilities – While unpatched vulnerabilities in older software continue to provide a rich hunting ground for attackers, they are also looking to exploit weaknesses in the latest versions of Microsoft’s widely used products. In Q3, CVE-2018-0802 – which exploits a vulnerability in the Equation Editor in Microsoft Office – cracked WatchGuard’s top 10 gateway antivirus malware by volume list, hitting number 6, after showing up in the most-widespread malware list in the previous quarter. In addition, two Windows code injectors (Win32/Heim.D and Win32/Heri) came in at number 1 and 6 on the most detected list respectively. • Attackers disproportionately targeted the Americas – The overwhelming majority of network attacks targeted the Americas in Q3 (64.5%) compared to Europe (15.5%) and APAC (20%). • Overall network attack detections resumed a more normal trajectory but still pose significant risks – After consecutive quarters of more than 20% growth, WatchGuard’s Intrusion Prevention Service (IPS) detected roughly 4.1 million unique network exploits in Q3. The drop of 21% brought volumes down to Q1 levels, which were still high compared to the previous year. The shift doesn’t necessarily mean adversaries are letting up as they are possibly shifting their focus towards more targeted attacks. • The top 10 network attack signatures account for the vast majority of attacks – Of the 4,095,320 hits detected by IPS in Q3, 81% were attributed to the top 10 signatures. In fact, there was just one new signature in the top 10 in Q3, ‘WEB Remote File Inclusion /etc/passwd’ (1054837), which targets older, but still widely used Microsoft Internet Information Services (IIS) web servers. One signature (1059160), a SQL injection, has continued to maintain the position it has held atop the list since Q2, 2019. • Scripting attacks on endpoints continue at record pace – By the end of Q3, WatchGuard’s AD360 threat intelligence and WatchGuard Endpoint Protection, Detection and Response (EPDR) had already seen 10% more attack scripts than in all of 2020 (which, in turn, saw a 666% increase over the prior year). As hybrid workforces start to look like the rule rather than the exception, a strong perimeter is no longer enough to stop threats. While there are several ways for cybercriminals to attack endpoints – from application exploits to script-based living-off-the-land attacks – even those with limited skills can often fully execute a malware payload with scripting tools like PowerSploit, PowerWare and Cobalt Strike, while evading basic endpoint detection. • Even normally safe domains can be compromised – A protocol flaw in Microsoft’s Exchange Server Autodiscover system allowed attackers to collect domain credentials and compromise several normally trustworthy domains. Overall, in Q3 WatchGuard Fireboxes blocked 5.6 million malicious domains, including several new malware domains that attempt to install software for cryptomining, key loggers and remote access trojans (RATs), as well as phishing domains masquerading as SharePoint sites to harvest Office365 login credentials. While down 23% from the previous quarter, the number of blocked domains is still several times higher than the level seen in Q4 2020 (1.3 million). This highlights the critical need for organizations to focus on keeping Cyber Defense eMagazine – March 2022 Edition 37 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2: Why Changing Classified Document St
Page 3 and 4: Tips And Trends for OT Cybersecurit
Page 5 and 6: @MILIEFSKY From the Publisher… De
Page 7 and 8: Welcome to CDM’s March 2022 Issue
Page 9 and 10: Cyber Defense eMagazine - March 202
Page 19 and 20: level of concern while working remo
Page 21 and 22: The Fragility of a GPS Centric Worl
Page 23 and 24: Formerly known as LOng-RAnge Naviga
Page 25 and 26: The Role of The CFO In Enterprise C
Page 27 and 28: Help them mitigate potential risks
Page 29 and 30: The Safest Ways for Bitcoin Trading
Page 31 and 32: and clear instructions through a "N
Page 33 and 34: According to Cybereason’s “Rans
Page 35: If you implement these three tips,
Page 39 and 40: Don’t Become a Horrible Headline:
Page 41 and 42: pandemic era. By empowering profess
Page 43 and 44: Have We Learned from Our Past Mista
Page 45 and 46: internet, etc. How much training is
Page 47 and 48: How to strengthen cyber resilience
Page 49 and 50: A BCDR solution with automated disa
Page 51 and 52: 1. Cybersecurity Incidents Will Bec
Page 53 and 54: Is XDR The Right Solution for Today
Page 55 and 56: How Open XDR Helps Open XDR address
Page 57 and 58: A very small set of next-gen SIEM s
Page 59 and 60: • What are my options for data la
Page 61 and 62: Additionally, we’ll witness the r
Page 63 and 64: Top 10 Reasons Cyber Defense Firms
Page 65 and 66: 4. Teamwork and individual responsi
Page 67 and 68: 5 Reasons Organizations Need Compre
Page 69 and 70: systems to manage identity and acce
Page 71 and 72: Directed Analytics - The Future of
Page 73 and 74: Directed analytics allow these insi
Page 75 and 76: InDesign and uploaded to indd.adobe
Page 77 and 78: Are You Prepared for the New Normal
Page 79 and 80: • Find Unseen Risk - The hardest
Page 81 and 82: intruders were able to gain control
Page 83 and 84: About the Authors Michael Cheng is
Page 85 and 86: Why am I rehashing this old trope?
Page 87 and 88:
1. Look for and minimize attack sur
Page 89 and 90:
On The Frontline in The War Against
Page 91 and 92:
How to Fix Mid-Market Security Usin
Page 93 and 94:
the particular victims being target
Page 95 and 96:
5 Ways Cybersecurity Will Change In
Page 97 and 98:
#3: Supply chains will be the big r
Page 99 and 100:
Executive Order Instructs Certain O
Page 101 and 102:
• Stay ahead of fraud. Fraud cost
Page 103 and 104:
Too Hot to Handle:The case for Zero
Page 105 and 106:
Critically, endpoint security only
Page 107 and 108:
To prevent lateral movement attacks
Page 109 and 110:
Redefining Resilience in The New Wo
Page 111 and 112:
About the Author Andrew Lawton is C
Page 113 and 114:
Cyber Defense eMagazine - March 202
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
CyberDefense.TV now has 200 hotseat
Page 137 and 138:
Books by our Publisher: https://www
Page 139 and 140:
show all

Cyber Defense eMagazine March Edition for 2022

Create successful ePaper yourself

Delete template?

Save as template?