The ever-growing mob of constantly evolving security threats can seem overwhelming to the average small business with limited staff and resources. WatchGuard’s Internet Security Report examines the modern threat landscape and delivers key data, educational guidance and in-depth research to help readers understand the latest attack trends and update their defenses. Major findings from the Q3 2017 report include:
Malware quantities have skyrocketed, a trend that will likely continue. Total malware instances spiked by 81 percent this quarter over last. With more than 19 million variants blocked in Q3 and the holiday season approaching, malware attempts will likely increase dramatically in Q4 as well.
Cross-site Scripting (XSS) attacks plague web browsers, spreading internationally. XSS attacks, which allow cyber criminals to inject malicious script into victims’ sites, continue to grow at a measured pace. Previous reports detailed XSS attacks against Spain alone, but in Q3, XSS attacks broadly affected every country.
Legacy antivirus (AV) only missed 24 percent of new malware. Over the past three quarters, signature-based AV has missed malware at increasing rates, peaking at almost 47 percent in Q2. But this quarter was a marked improvement, with only 23.77 percent of new or zero-day malware able to circumvent AV. While this data is encouraging, behavioral detection solutions are still the most effective way to block advanced persistent threats.
Suspicious HTML iframes surface everywhere. Attackers are continuing to evolve how they leverage the HTML iframe tag to force unsuspecting victims to suspicious, and often malicious, sites. While potentially malicious iframes showed up everywhere, including the U.S. and Canada, their numbers jumped significantly in both the UK and Germany.
Authentication is still a big target. Though not as prevalent as in Q2, attacks targeting authentication and credentials (like Mimikatz) returned in a big way this quarter. Aside from Mimikatz, brute-force web login attempts were also highly visible, proving that attackers are continuing to target the weakest link – credentials.