01.03.2022

Cyber Defense eMagazine March Edition for 2022

The view from the Publisher’s desk is very encouraging, based on celebrating 10 years of growth and success at Cyber Defense Magazine! When our tiny team began our journey at Cyber Defense Media Group (CDMG) together in January 2012, we were happy to help smaller, lesser-known innovators of infosec get their message out there and Rise Above the noise. Now, after 10 years, we’re even helping multi-billion-dollar companies and governments around the globe with our offices in DC, London, FL, NY and other locations in play, as we continue to scale, thanks to you – our readers, listeners, viewers and media partners. Beyond the magazine, in response to the demands of our markets, the scope of CDMG’s activities has grown into many media endeavors. They now include Cyber Defense Awards; Cyber Defense Conferences; Cyber Defense Professionals (job postings site being revamped); Cyber Defense TV, Radio, and Webinars; and Cyber Defense Ventures (partnering with investors).

Please check them out and see how much more CDMG has to offer!

Very respectfully and with much appreciation,
Gary Miliefsky, Publisher



• Nearly half of zero-day malware is now delivered via encrypted connections – While the total amount of zero-day malware increased by a modest 3% to 67.2% in Q3, the percentage of malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. A lower percentage of encrypted zero-days are considered advanced, but it is still concerning given that WatchGuard’s data shows that many organizations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks.

• As users upgrade to more recent versions of Microsoft Windows and Office, attackers are focusing on newer vulnerabilities – While unpatched vulnerabilities in older software continue to provide a rich hunting ground for attackers, they are also looking to exploit weaknesses in the latest versions of Microsoft’s widely used products. In Q3, CVE-2018-0802 – which exploits a vulnerability in the Equation Editor in Microsoft Office – cracked WatchGuard’s top 10 gateway antivirus malware by volume list, hitting number 6, after showing up in the most-widespread malware list in the previous quarter. In addition, two Windows code injectors (Win32/Heim.D and Win32/Heri) came in at number 1 and 6 on the most detected list respectively.

• Attackers disproportionately targeted the Americas – The overwhelming majority of network attacks targeted the Americas in Q3 (64.5%) compared to Europe (15.5%) and APAC (20%).

• Overall network attack detections resumed a more normal trajectory but still pose significant risks – After consecutive quarters of more than 20% growth, WatchGuard’s Intrusion Prevention Service (IPS) detected roughly 4.1 million unique network exploits in Q3. The drop of 21% brought volumes down to Q1 levels, which were still high compared to the previous year. The shift doesn’t necessarily mean adversaries are letting up, as they are possibly shifting their focus towards more targeted attacks.

• The top 10 network attack signatures account for the vast majority of attacks – Of the 4,095,320 hits detected by IPS in Q3, 81% were attributed to the top 10 signatures. In fact, there was just one new signature in the top 10 in Q3, ‘WEB Remote File Inclusion /etc/passwd’ (1054837), which targets older, but still widely used, Microsoft Internet Information Services (IIS) web servers. One signature (1059160), a SQL injection, has continued to maintain the position it has held atop the list since Q2, 2019.

• Scripting attacks on endpoints continue at record pace – By the end of Q3, WatchGuard’s AD360 threat intelligence and WatchGuard Endpoint Protection, Detection and Response (EPDR) had already seen 10% more attack scripts than in all of 2020 (which, in turn, saw a 666% increase over the prior year). As hybrid workforces start to look like the rule rather than the exception, a strong perimeter is no longer enough to stop threats. While there are several ways for cybercriminals to attack endpoints – from application exploits to script-based living-off-the-land attacks – even those with limited skills can often fully execute a malware payload with scripting tools like PowerSploit, PowerWare and Cobalt Strike, while evading basic endpoint detection.

• Even normally safe domains can be compromised – A protocol flaw in Microsoft’s Exchange Server Autodiscover system allowed attackers to collect domain credentials and compromise several normally trustworthy domains. Overall, in Q3 WatchGuard Fireboxes blocked 5.6 million malicious domains, including several new malware domains that attempt to install software for cryptomining, key loggers and remote access trojans (RATs), as well as phishing domains masquerading as SharePoint sites to harvest Office365 login credentials. While down 23% from the previous quarter, the number of blocked domains is still several times higher than the level seen in Q4 2020 (1.3 million). This highlights the critical need for organizations to focus on keeping
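As an added example, not from the WatchGuard report or the magazine, the following Python applies illustrative regex checks in the spirit of the two IPS signatures named above (the /etc/passwd file-inclusion signature and the SQL injection signature) to constructed IIS-style log lines, decoding percent-encoding repeatedly so double-encoded requests are not missed, and reports how much of the hit volume the top signature carries. The signature names, patterns and log lines are all constructed for this example and are not WatchGuard's signature logic.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed IIS-style (W3C) access log lines: date time method uri query status.
SAMPLE_LOG = """\
2021-09-14 10:01:02 GET /view.asp file=..%2F..%2F..%2Fetc%2Fpasswd 404
2021-09-14 10:01:03 GET /view.asp file=%252e%252e%252fetc%252fpasswd 404
2021-09-14 10:01:04 GET /products.asp id=1 200
2021-09-14 10:01:05 GET /login.asp user=admin'%20OR%20'1'%3D'1 200
2021-09-14 10:01:06 GET /include.asp page=http://203.0.113.5/etc/passwd 500
2021-09-14 10:01:07 GET /about.asp - 200
"""

# Hypothetical detection patterns keyed by a signature-style name; applied to the
# fully decoded query string. Not the vendor's actual IPS signatures.
SIGNATURES = {
    "WEB Remote File Inclusion /etc/passwd": re.compile(r"/etc/passwd", re.I),
    "WEB SQL Injection tautology": re.compile(r"'\s*(?:or|and)\s+'?\w*'?\s*=", re.I),
}

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded payloads are visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def match_signatures(query):
    """Names of signatures whose pattern hits the decoded query string."""
    decoded = fully_decode(query)
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]

def scan_log(text):
    """(uri, [signature names]) for each log line with at least one hit."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[4] == "-":
            continue  # malformed line or no query string to inspect
        names = match_signatures(parts[4])
        if names:
            hits.append((parts[3], names))
    return hits

def signature_counts(text):
    """Hits per signature: a small 'top signatures by volume' view."""
    counts = Counter()
    for _, names in scan_log(text):
        counts.update(names)
    return counts

def top_n_share(counts, n=1):
    """Fraction of all hits carried by the n most common signatures."""
    total = sum(counts.values())
    return sum(c for _, c in counts.most_common(n)) / total if total else 0.0
```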

Cyber Defense eMagazine – March 2022 Edition 37

Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
