WatchGuard Q3 Report: Script-based, Malware Attacks Skyrocket

WatchGuard’s Q3 Internet Security Report, which examines security threats affecting small- to midsize businesses and distributed enterprises, recorded “massive” increases in scripting attacks and overall malware volume, the company said.

“Threat actors are constantly adjusting their techniques, always looking for new ways of exploiting vulnerabilities to steal valuable data,” said Corey Nachreiner, WatchGuard’s chief technology officer. “This quarter, we found that script-based attacks – like the fake Python library packages discovered in September – appeared 20 times more than in Q2, while overall malware attacks shot through the roof.”

Every business, he said, can benefit from deploying “multiple layers of protection, enabling advanced security services and monitoring network logs for traffic related to the top threats mentioned in this report.”

Here are the study’s key findings:

  • Scripting threats, such as downloaders, accounted for 68 percent of all malware.
  • Total malware instances spiked by 81 percent this quarter over last. With the holiday season upon us, malware attempts are likely to noticeably jump again in Q4.
  • Cross-site scripting (XSS) attacks, which enable cyber criminals to inject malicious script into web sites, continued to grow, first appearing in Spain but now showing up internationally.
  • In Q3, the percentage of new or zero-day malware that skirted anti-virus software dropped to 24 percent from a high of 47 percent in Q2.
  • Attackers are continuing to evolve how they leverage the HTML iframe tag to force unsuspecting victims to suspicious, often malicious sites. Malicious iframes jumped significantly in both Great Britain and Germany.
  • Attacks targeting authentication and credentials increased, as brute force web login attempts proved that attackers still target the weakest link in credentials.
  • Most network exploits still target web servers, browsers, and applications.
  • Malware hit EMEA the hardest in Q2, with about 72 percent of the total malware detected by WatchGuard. Malware hits in the Americas dropped to about 22 percent of the total for the quarter.

WatchGuard’s Q3 report also includes strategies to defend against the latest attack styles and examines supply chain attacks that hit in Q3, namely NetSarang, CCleaner and fake Python packages. The company’s previous Q2 report revealed that hacking tactics to access user credentials are growing in prevalence, and that a record 47 percent of all malware is new or zero-day, capable of circumventing signature-based antivirus solutions.

“Login access is a top priority for criminals,” Nachreiner said at the time. “Knowing this, businesses must harden exposed servers, seriously consider multi-factor authentication, train users to identify phishing attacks and implement advanced threat prevention solutions to protect their valuable data.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.