– Latest Internet Security Report highlights danger of encrypted malware without HTTPS inspection, looks at security impact of the COVID-19 and finds
– Research also shows surge in Monero cryptominers and Flawed-Ammyy and Cryxos malware
WatchGuard® Technologies’ latest Internet Security Report shows that 67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and that 72% of encrypted malware was classified as zero day, so would have evaded signature-based antivirus protection. These findings show that without HTTPS inspection of encrypted traffic and advanced behaviour-based threat detection and response, organisations are missing up to two-thirds of incoming threats. The report also highlights that the
“Some organisations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” said
Other key findings from WatchGuard’s latest Internet Security Report include:
*Monero cryptominers surge in popularity. Five of the top ten domains distributing malware in Q1 (identified by WatchGuard’s DNS filtering service DNSWatch) either hosted or controlled Monero cryptominers. This sudden jump in cryptominer popularity could simply be due to its utility; adding a cryptomining module to malware is an easy way for online criminals to generate passive income.
*Flawed-Ammyy and Cryxos malware variants join top lists. The Cryxos trojan was third on WatchGuard’s top-five encrypted malware list and also third on its top-five most widespread malware detections list, primarily targeting
*Three-year-old Adobe vulnerability appears in top network attacks. An Adobe Acrobat Reader exploit that was patched in
*Mapp Engage,
*COVID-19 Impact. Q1 2020 was only the start of the massive changes to the cyber threat landscape brought on by the COVID-19 pandemic. Even in these first three months of 2020, we still saw a massive rise in remote workers and attacks targeting individuals.
*Malware hits and network attacks decline. Overall, there were 6.9% fewer malware hits and 11.6% fewer network attacks in Q1, despite a 9% increase in the number of Fireboxes contributing data. This could be attributed to fewer potential targets operating within the traditional network perimeter with worldwide work-from-home policies in full force during the COVID-19 pandemic.
The findings in WatchGuard’s Internet Security Reports are drawn from anonymised Firebox Feed data from active WatchGuard appliances whose owners have opted in to share data to support the
Third-party testing has found that WatchGuard products consistently maintain high throughput when inspecting HTTPS traffic. Many competitive products show a significant degradation in performance in this scenario. For example, an independent test performed by Miercom found that the Firebox M370 outperformed competitive products while inspecting HTTPS traffic with full security services enabled.
The complete report includes key defensive best practices that organisations of all sizes can use to protect themselves in today’s threat landscape and a detailed analysis of how the COVID-19 pandemic and associated shift to working from home affected the cyber security landscape.
To view the full report go to: Internet Security Report for Q1 2020
About
WatchGuard®
For additional information, promotions and updates, follow WatchGuard on Twitter @WatchGuard on Facebook or on the
WatchGuard is a registered trademark of
Media Contacts:
206.876.8380, chris.warfield@watchguard.com
01442 245030, pr@prpr.co.uk / laura@prpr.co.uk
.