Network attacks hit two-year high during pandemic

Network attacks and unique attack signatures both hit two-year highs between July and September this year, according to the latest Internet Security Report from WatchGuard Technologies.

  • 4 years ago Posted in
Findings from the research show that attacks detected grew to more than 3.3 million, representing a 90% increase over the previous quarter. The report reveals how COVID-19 has impacted the cyber security threat landscape, with evidence that attackers continue to target corporate networks despite the shift to remote working.

 

The report also shows a steady rise in pandemic-related malicious domains and phishing campaigns. A COVID-19 adware campaign running on websites used for legitimate pandemic support purposes made WatchGuard’s list of the top 10 compromised websites in Q3. WatchGuard also uncovered a phishing attack that leverages Microsoft SharePoint to host a pseudo-login page impersonating the United Nations (UN). The email hook contained messaging around small business relief from the UN due to COVID-19.

 

These findings highlight the fact that businesses must prioritise maintaining and strengthening protection for network-based assets and services, even as workforces become increasingly remote. “As the impact of COVID-19 continues to unfold, our threat intelligence provides key insight into how attackers are adjusting their tactics,” said Corey Nachreiner, chief technology officer at WatchGuard. “While there’s no such thing as ‘the new normal’ when it comes to security, businesses can be sure that increasing protection for both the endpoint and the network will be a priority in 2021 and beyond. It will also be important to establish a layered approach to information security, with services that can mitigate evasive and encrypted attacks, sophisticated phishing campaigns and more.”

 

Other findings in the WatchGuard Internet Security Report include:

 

·         Businesses click on hundreds of phishing attacks and bad links - In Q3, WatchGuard’s DNSWatch service blocked a combined 2,764,736 malicious domain connections, which translates to 499 blocked connections per organisation in total. Breaking it down further, each organisation would have reached 262 malware domains, 71 compromised websites, and 52 phishing campaigns.

·         Attackers probe for vulnerable SCADA systems - The one new addition to WatchGuard’s most-widespread network attacks list in Q3 exploits a previously patched authentication bypass vulnerability in a popular supervisory control and data acquisition (SCADA) control system. While this class of vulnerability isn’t as serious as a remote code execution flaw, it could still allow an attacker to take control of the SCADA software running on the server.

·         LokiBot look-a-like debuts as a top widespread malware variant - Farelt, a password stealer that resembles LokiBot, made its way into WatchGuard’s top five most-widespread malware detections list in Q3. Though it is unclear if the Farelt botnet uses the same command and control structure as LokiBot, there’s a high probability the same group, SilverTerrier, created both malware variants. This botnet takes many steps to bypass antivirus controls and fool users into installing the malware. While researching the threat, WatchGuard found strong evidence indicating the malware has likely targeted many more victims than the data suggests.

·         Emotet persists – Emotet, a prolific banking trojan and known password stealer, made its debut on WatchGuard’s top ten malware list for the first time and narrowly missed the top ten list of domains distributing malware. Despite coming in at #11 for the latter list, this appearance is particularly notable, as the WatchGuard Threat Lab and other research teams have seen current Emotet infections dropping additional payloads like Trickbot and even the Ryuk ransomware with no signs of slowing down.

 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...