Content, Content

WatchGuard: Hackers Target Corporate Networks Despite Shift to Remote Work


Despite the shift to remote work, hackers continue to aggressively target corporate networks. Moreover, the rise of COVID-19-related malicious domains and phishing campaigns continues, WatchGuard said in its recent Internet Security Report for Q3 2020.

Key findings from the report include:

Network attacks. Rose by 90% from Q2 to 3.3 million, the highest level in two years. Unique network attack signatures also hit a two-year high in Q3. Takeaway: Businesses must prioritize maintaining and strengthening protections for network-based assets and services even as work forces become increasingly remote.

COVID-19. In Q3, a COVID-19 adware campaign running on websites used for legitimate pandemic support made WatchGuard’s list of the top 10 compromised websites. WatchGuard also uncovered a phishing attack hosting a bogus login page with an email lure around small business COVID-19 relief from the United Nations. Takeaway: Attackers will continue to exploit fear, uncertainty, and doubt from the pandemic to victimize organizations.

Phishing attacks and malicious links. In Q3, WatchGuard’s DNSWatch service blocked a combined 2.8 million malicious domain connections, or roughly 500 blocked connections per organization in total. Takeaway: A closer look shows that each organization would have reached 262 malware domains, 71 compromised websites, and 52 phishing campaigns.

Industrial control systems. In Q3, attackers exploited a previously-patched authentication bypass vulnerability in a popular supervisory control and data acquisition (SCADA) control system. Takeaway: Attackers targeted nearly 50% of U.S. networks with SCADA threats in Q3, a sign that bad actors could focus on industrial control systems in 2021.

LokiBot look-a-like. Farelt, a password stealer that resembles LokiBot was one of the most widespread malware detections in Q3. It’s not clear if the Farelt botnet uses the same command and control structure as LokiBot but it’s likely the SilverTerrier malware group created both malware variants. Takeaway: WatchGuard found solid evidence that Farelt has likely targeted many more victims than the data shows.

Emotet. The infamous banking trojan and password stealer appeared on WatchGuard’s top 10 malware list for the first time in Q3 and almost made the top 10 list of domains distributing malware. Takeaway: This is significant considering WatchGuard’s Threat Lab and other researchers have seen current Emotet infections dropping additional payloads like Trickbot and Ryuk ransomware.

“While there’s no such thing as ‘the new normal’ when it comes to security, businesses can be sure that increasing protection for both the endpoint and the network will be a priority in 2021 and beyond,” said Corey Nachreiner, WatchGuard chief technology officer. “It will also be important to establish a layered approach to information security, with services that can mitigate evasive and encrypted attacks, sophisticated phishing campaigns and more.”

WatchGuard’s Q3 report is based on anonymized Firebox Feed data from roughly 48,000 of the company's appliances.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.