From Procurement to Profit

Report Shows Surge in Malware Attacks

A new report shows continuing growth of new malware and attack techniques, highlighting the need for layered defenses, advanced threat prevention and stringent security policies.

WatchGuard Technologies, a provider of advanced network security solutions, announced the findings in its quarterly Internet Security Report, which tracks computer and network security threats affecting small to midsize businesses.

The findings include massive increases in scripting attacks and other malware attempts against midsize companies throughout the third quarter of 2017.

The data project continued growth of new malware and other attack techniques in the coming months.

The ever-growing array of evolving security threats can seem overwhelming to the average small business with limited staff and resources, the company said.

Major findings from the quarterly report include:

  • Scripting threats account for 68% of all malware. These include JavaScript and Visual Basic Script threats, such as downloaders, and accounted for the vast majority of the malware detected in Q3.
  • Malware quantities have skyrocketed; a trend that will likely continue. Total malware instances spiked by 81% this quarter over last. With more than 19 million variants blocked in Q3 and the holiday season approaching, malware attempts will likely increase dramatically in Q4 as well.
  • Cross-site Scripting (XSS) attacks plague web browsers. XSS attacks, which allow cyber criminals to inject malicious script into victims’ sites, continue to grow.
  • Legacy antivirus (AV) missed 24% of new malware. Over the past three quarters, signature-based AV has missed malware at increasing rates, peaking at almost 47% in Q2. This improved markedly in the latest quarter,  with only 23.77% of new or zero day malware able to circumvent AV.
  • Suspicious HTML iframes surface everywhere. Attackers are continuing to leverage the HTML iframe tag to transport unsuspecting victims to malicious sites.
  • Authentication is still a big target. Though not as prevalent as in Q2, attacks targeting authentication and credentials increased. Brute force web login attempts were also highly visible, indicating that attackers are continuing to target credentials.

The report is available on GitHub for download and use.

WatchGuard Technologies, Inc. is a provider of network security and threat management systems.

You might also like