Anyone in IT knows the importance of securing an environment from malicious actors, utilizing a proactive security plan, and developing
a disaster recovery plan for worst-case scenarios. Despite technologies getting better and IT plans being put in place, malware attacks persist. According to a
WatchGuard Technologies report, total malware attacks discovered in Q3 2019 rose by 30%, based on WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet. So, where are these threats coming from, and more importantly, how can enterprises protect themselves from such attacks?
A Look at the Threat
Security attacks have no boundaries, and they can be initiated by hackers, governments, and other organizations. Regardless of where they are coming from, one thing is clear – attacks are increasing dramatically. From their analysis, WatchGuard's team of threat researchers observed a significant increase in both malware and network attacks in Q3 2019. For instance, zero-day malware (attacks that bypass traditional signature-based solutions) increased to almost 50% of all malware. In their report, they also discovered:
- Network attacks rose 8% from Q2 to Q3, while the number of unique attacks remained stable at 345, according to WatchGuard.
- Two Apache Struts exploits were found, including the one that was responsible for the Equifax breach.
- By region, the Americas detected the most malware at 42% of overall malware, according to WatchGuard. Europe and the Middle East (EMEA) experienced 30% of the overall malware detected, and APAC regions had the remaining 28% of malware detected.
- The majority of widespread malware attacks (attacks that affect a large number of individuals) targeted the Americas at 60% of the total, while Brazil was also targeted with a high volume of attacks.
- The credential threats continue. Mimikatz, used primarily to steal users’ passwords, was previously WatchGuard's number one threat but has dropped to number three. An emerging credential threat, Windows Credential Editor (WCE), was added to the list, demonstrating that authentication mechanisms are still a target.
How to Protect Your Network
While there is no 100% guarantee that the security measures you put in place will prevent an attack, there are things that you can do to put you on a solid security footing, including:
- Use tools that catch code injectors – most malware detections came from two code injection malware payloads, Win32/Heri and Win32/Heim.D. Make sure you are using tools that watch the process behaviors and can detect malicious deviations.
- Phase out Flash – some users still run old versions of Adobe Flash that leave them vulnerable to attack.
- Maintain your own web app infrastructure.
- Use proactive anti-malware for security enforcement
- Employ multi-factor authentication
- Don’t postpone patching
- Keep web apps up-to-date
- Beware of baffling or confusing certificates
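To make the first recommendation concrete, here is an added example (not code from the article or from WatchGuard) of the kind of process-behaviour watching it calls for: a small detector that runs over constructed process telemetry and flags a process that opens another process, writes into its memory, and then starts a thread in it, the sequence that code-injection payloads rely on. The event field names, the sample events, and the allowlist of images permitted to touch other processes are all assumptions made for this example.

```python
"""Behavioural detector for cross-process code injection (added example).

Rather than matching a signature, it watches the order of API calls one
process makes against another and alerts when the full inject-and-execute
sequence completes. Field names and sample events are constructed."""

from collections import defaultdict

# Constructed telemetry: one dict per observed API call.
SAMPLE_EVENTS = [
    {"ts": 1, "pid": 4100, "image": "invoice.exe",  "api": "OpenProcess",        "target": 620},
    {"ts": 2, "pid": 4100, "image": "invoice.exe",  "api": "VirtualAllocEx",     "target": 620},
    {"ts": 3, "pid": 4100, "image": "invoice.exe",  "api": "WriteProcessMemory", "target": 620},
    {"ts": 4, "pid": 4100, "image": "invoice.exe",  "api": "CreateRemoteThread", "target": 620},
    # A debugger legitimately does the same thing; it is on the allowlist.
    {"ts": 5, "pid": 3000, "image": "debugger.exe", "api": "OpenProcess",        "target": 777},
    {"ts": 6, "pid": 3000, "image": "debugger.exe", "api": "WriteProcessMemory", "target": 777},
    {"ts": 7, "pid": 3000, "image": "debugger.exe", "api": "CreateRemoteThread", "target": 777},
    # A process writing to its own memory is normal and is ignored.
    {"ts": 8, "pid": 5200, "image": "notepad.exe",  "api": "OpenProcess",        "target": 5200},
    {"ts": 9, "pid": 5200, "image": "notepad.exe",  "api": "WriteProcessMemory", "target": 5200},
]

# Calls that, completed in this order against one target, indicate that code
# was written into another process and then executed there.
INJECTION_SEQUENCE = ("OpenProcess", "WriteProcessMemory", "CreateRemoteThread")

# Assumed allowlist: images expected to manipulate other processes' memory.
# A real deployment would build this from its own baseline of normal activity.
ALLOWLIST = {"debugger.exe"}


def detect_injection(events, allowlist=ALLOWLIST):
    """Return one alert per (source pid, target pid) pair that completes the
    injection sequence in order. Unrelated calls in between (such as
    VirtualAllocEx) do not reset progress; self-targeted calls and
    allowlisted images are skipped."""
    progress = defaultdict(int)  # (pid, target) -> how far along the sequence
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["pid"] == ev["target"] or ev["image"] in allowlist:
            continue
        key = (ev["pid"], ev["target"])
        if progress[key] >= len(INJECTION_SEQUENCE):
            continue  # already alerted on this pair
        if ev["api"] == INJECTION_SEQUENCE[progress[key]]:
            progress[key] += 1
            if progress[key] == len(INJECTION_SEQUENCE):
                alerts.append({
                    "ts": ev["ts"],
                    "pid": ev["pid"],
                    "image": ev["image"],
                    "target": ev["target"],
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_injection(SAMPLE_EVENTS):
        print(f"[{alert['ts']}] possible code injection: "
              f"{alert['image']} (pid {alert['pid']}) -> pid {alert['target']}")
```

Run as written, the script reports only the invoice.exe process; passing an empty allowlist to `detect_injection` would also surface the debugger, which is the trade-off a behavioural rule always carries: the same sequence is used by legitimate tooling, so the baseline of what is normal on your hosts matters as much as the rule itself.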
As security tools evolve, so do attackers – never assume that your tools will be perfect. Successful security operations are much like first responders; they act within a short amount of time to fix the issue, but unfortunately, sometimes they can’t save the day. For attacks that get through and cause damage to your enterprise, take it as a teachable moment to find ways to mitigate the problem in the future.