IT disaster recovery, cloud computing and information security news

WatchGuard uncovers surge in script-based attacks

WatchGuard’s latest quarterly Internet Security Report, which explores the computer and network security threats affecting small to midsize businesses (SMBs) and distributed enterprises, has revealed massive increases in scripting attacks and overall malware attempts against midsize companies throughout Q3 2017.

Scripting threats, including JavaScript and Visual Basic Script attacks, accounted for 68 percent of all malware during Q3, while total malware instances spiked by 81 percent this quarter over last, with more than 19 million variants blocked in Q3. The findings reinforce expectations of continued growth of new malware and various attack techniques in the coming months, further emphasising the importance of layered security and advanced threat prevention.

“Threat actors are constantly adjusting their techniques, always looking for new ways of exploiting vulnerabilities to steal valuable data,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “This quarter, we found that script-based attacks – like the fake Python library packages discovered in September – appeared 20 times more than in Q2, while overall malware attacks shot through the roof. Staying vigilant regarding these developments is half the battle. Every business can better protect themselves and their stakeholders by employing multiple layers of protection, enabling advanced security services and monitoring network logs for traffic related to the top threats mentioned in this report.”

Other findings from the Q3 2017 report include:

  • Cross-site Scripting (XSS) attacks plague web browsers, spreading internationally. XSS attacks, which allow cyber criminals to inject malicious script into victims’ sites, continue to grow at a measured pace. Previous reports detailed XSS attacks against Spain alone, but in Q3, XSS attacks broadly affected every country.
  • Legacy antivirus (AV) only missed 24 percent of new malware. Over the past three quarters, signature-based AV has missed malware at increasing rates, peaking at almost 47 percent in Q2. But this quarter was a marked improvement with only 23.77 percent of new or zero day malware able to circumvent AV. While this data is encouraging, behavioral detection solutions are still the most effective way to block advance persistent threats.
  • Suspicious HTML iframes surface everywhere. Attackers are continuing to evolve how they leverage the HTML iframe tag to force unsuspecting victims to suspicious and often malicious sites. While potentially malicious iframes showed up everywhere, including the US and Canada, their numbers jumped significantly in both the UK and Germany.
  • Authentication is still a big target. Though not as prevalent as in Q2, attacks targeting authentication and credentials such as Mimikatz, returned in a big way this quarter. Aside from Mimikatz, brute force web login attempts were also highly visible, proving that attackers are continuing to target the weakest link – credentials.
For more information, download the full report here.


Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

   

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.