WatchGuard Quarterly Internet Security Report reveals that 30 per cent of malware attacks are zero-day exploits

WatchGuard Quarterly Internet Security Report reveals that 30 per cent of malware attacks are zero-day exploits

Almost a third, or 30 per cent, of malware can be classified as new or zero-day because it cannot be caught by legacy antivirus solutions, according to research published today in WatchGuard’s first Quarterly Internet Security Report, which explores the latest computer and network security threats affecting SMBs and distributed enterprises.

The results from Q4 2016, confirm that cyber criminals’ capability to automatically repack or morph their malware has outpaced the AV industry’s ability to keep up with new signatures. This means that without advanced threat prevention, companies could be missing up to a third of malware.

The WatchGuard report also shows that old threats are reappearing and macro-based malware is still prevalent. Spear-phishing attempts still rely on malicious macros hidden in files including Microsoft’s new document format, while attackers also still use malicious web shells to hijack web servers. It appears that PHP shells are alive and well, as nation-state attackers have been evolving this old attack technique with new obfuscation methods.

Other findings in the WatchGuard Q4 2016 report include:

  • JavaScript is a popular malware delivery and obfuscation mechanism with a rise in malicious JavaScript, both in email and over the web.
  • Most network attacks were aimed at web services and browsers, with 73 percent of the top attacks targeting web browsers in drive-by download attacks.
  • All of the top ten exploits were web-based attacks and the top network attack was Wscript.shell Remote Code Execution that targets Internet Explorer (IE). But strangely, this attack almost entirely affected Germany alone. Breaking it down country by country, it targeted Germany 99 percent of the time.

The new Quarterly WatchGuard Security Report covers top network and malware trends and examines the most notable cybersecurity stories, details new research from the WatchGuard Threat Lab and provides practical defence tips for security professionals.

The findings in the report are based on anonymised Firebox Feed data from WatchGuard’s 24,000 active unified threat management (UTM) appliances worldwide.

Corey Nachreiner, chief technology officer at WatchGuard Technologies, commented:

“We’re incredibly excited to introduce WatchGuard’s Internet Security Report. Our Threat Lab has been monitoring the most prevalent security industry threats and trends for years and now with the addition of the Firebox Feed—anonymised threat analytics from Fireboxes deployed around the world—we have firsthand, acute insight into the evolution of cyberattacks and how threat actors are behaving. Each quarter, our report will marry new Firebox Feed data with original research and analysis of major information security events to reveal key threat trends and provide defence best practices.”

Jonathan Whitley, sales director for Northern Europe at WatchGuard, added:

“With ransomware attempts and malicious websites dominating the headlines along with cyberattacks such as the Mirai Botnet, the SWIFT banking attacks and alleged Russian interference in the US presidential election, it was a busy quarter for cybercriminals. The insight trends, research and security tips in our Quarterly Internet Security Reports are designed to help companies stay educated and vigilant in such a dynamic threat landscape.”

The 24,000 active WatchGuard UTM appliances worldwide used to build the report blocked more than 18.7 million malware variants in Q4, which averages to 758 variants per participating device. They also blocked more than 3 million network attacks, which averages 123 attacks per participating device. The report includes a detailed breakdown of the quarter’s top malware and attack trends, the top security incidents and web and email attack trends.

In response to the rapid spread of the Mirai botnet, the WatchGuard Threat Lab has also launched an ongoing research project that analyses IoT devices for security flaws. The research highlighted in this report evaluated Wi-Fi cameras, fitness accessories and network-enabled novelty devices. This includes a deeper look at vulnerabilities the Threat Lab found in a relatively popular wireless IP camera and steps consumers should take to secure IoT devices they purchase.

For more information, download the full report here

[su_button url=”http://www.watchguide.com/” target=”blank” background=”#df2027″ color=”#ffffff” size=”10″ radius=”20″ icon=”icon: arrow-circle-right”]For more information on WatchGuard, click here [/su_button]

 

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Copyright: Security Buyer

ASIS UK Launches “Security is You(th)” Hackathon

ASIS International UK has launched Security is You(th), an initiative designed to engage students and early-career professionals…
Image provided by Veeam

AI and Ransomware: Cutting Through the Hype

Rick Vanover, Vice President Product Strategy, Veeam discusses how It might be the great paradox: Artificial Intelligence (AI)….
Copyright: Security Buyer

AmiViz Partners with Titania

AmiViz announced a strategic distribution agreement with Titania. This collaboration underscores a shared commitment to enhancing…
Oil and Gas

Navigating Africa’s Oil & Gas Industry

A comprehensive analysis of security strategies in Africa’s oil and gas industry, covering physical, cyber, and remote surveillance measures.
blackhat

Black Hat Europe Starts Soon

Black Hat Europe starts Monday and now is the perfect time to start planning your experience. With a full lineup of Keynotes…

VIVOTEK’s All-in-One Software Boosts Operational Efficiency for Enterprises

As demand for high-efficiency security systems rises among large enterprises, the global leading…
Assa Abloy website

WTC Amsterdam enhances security and efficiency with digital access solution

The World Trade Center (WTC) Amsterdam, home to over 300 companies, has upgraded its building security with a streamlined, digital access solution from ASSA ABLOY.
John Maddison website

Fortinet launches Lacework FortiCNAPP to enhance cloud-native security

In an advancement in cybersecurity, Fortinet has announced Lacework FortiCNAPP, providing organisations with visibility and security.
GITEX Global 2024 website

GITEX GLOBAL 2024: AI revolution drives strategic tech innovation

GITEX GLOBAL 2024 concluded on Friday, showcasing artificial intelligence (AI) as a transformative force driving business and economic growth
Scroll to Top