Zero-Day Vulnerabilities Demand Security Enhancements
Organizations that believe their malware protection is bulletproof may want to think again. According to a recent study by global network security provider WatchGuard Technologies, roughly 30 percent of malware is classified as new or zero-day. A zero-day vulnerability is essentially a hole in a software program that’s unknown to the vendor but that cybercriminals can exploit. The danger of these flaws is that they can successfully evade detection by legacy antivirus solutions.
The report, which studied the top malware and network trends from the fourth quarter of 2016, found that cybercriminals have grown adept at repacking or morphing malware, outpacing antivirus software providers’ ability to keep up with new signatures.
Global Malware Study
WatchGuard’s inaugural quarterly Internet Security Report is based on anonymized threat data from more than 24,000 active WatchGuard unified threat management appliances worldwide.
In the last quarter of 2016, WatchGuard’s appliances blocked some 18.7 million malware variants, averaging 758 variants per participating device, the company said. In addition, they stopped about 3 million network attacks, or 123 per participating device.
The report highlights that nearly one-third of all new malware is classified as zero-day because it went undetected by traditional antivirus offerings. That means organizations that lack an advanced threat prevention solution aren’t adequately protected.
It’s also clear that old-school, macro-based malware is still causing trouble in the wild. In fact, many spear-phishing attempts include documents with malicious Word macros, the report states.
“That is as old-school as you can get,” WatchGuard Chief Technology Officer Corey Nachreiner told CIO. “They disappeared for decades, but they’ve come back, and we can confirm that we’re blocking a whole bunch of macro-based malware.”
Top Web Attacks
Unsurprisingly, most malware attacks are web-based: 73 percent of the top intrusions in the fourth quarter of 2016 targeted web browsers in drive-by download attacks, the report found.
Exploit kits (EKs) don’t have to be new to be effective, either. In its Hacker’s Playbook, security startup SafeBreach had success using older exploit kits to attack endpoint security and secure web gateway products. Some of those EKs have been available for more than a year, the company noted.
The WatchGuard study also detected a significant number of Linux-based Trojans, likely associated with Internet of Things (IoT) attacks.
Cybercriminals’ interest in IoT devices isn’t surprising, as organizations thus far haven’t paid a great deal of attention to IoT security. The Ponemon Institute’s 2017 Study on Mobile and IoT Application Security, for instance, found that 44 percent of the IT professionals surveyed had taken no steps to prevent IoT attacks, and 11 percent said they were unsure if their organization was doing anything to thwart IoT intrusions.