Endpoint malware and ransomware detections surpassed the total volume seen in 2020 by the end of Q3 2021, according to researchers at the WatchGuard Threat Lab. In its latest Internet Security Report, WatchGuard also highlights that a significant percentage of malware continues to arrive over encrypted connections. While zero-day malware increased by just 3% to 67.2% in Q3 2021, the percentage of malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. WatchGuard’s data shows that many organisations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks.
Corey Nachreiner, chief security officer at WatchGuard, said “While the total volume of network attacks shrank slightly, malware per device was up for the first time since the pandemic began,” “The security environment continues to be challenging, so it’s important that organisations go beyond the short-term ups and downs and seasonality of specific metrics and focus on persistent and concerning trends factoring into their security posture. An important example is the accelerating use of encrypted connections to deliver zero days.”
- Attackers disproportionately targeted the Americas – The overwhelming majority of network attacks targeted the Americas in Q3 (64.5%) compared to Europe (15.5%) and APAC (20%).
- Overall network attack detections resumed a more normal trajectory but still pose significant risks – After consecutive quarters of more than 20% growth, WatchGuard’s Intrusion Prevention Service (IPS) detected roughly 4.1 million unique network exploits in Q3. The drop of 21% brought volumes down to Q1 levels, which were still high compared to the previous year. The shift doesn’t necessarily mean adversaries are letting up as they are possibly shifting their focus towards more targeted attacks.
- The top 10 network attack signatures account for the vast majority of attacks – Of the 4,095,320 hits detected by IPS in Q3, 81% were attributed to the top 10 signatures. In fact, there was just one new signature in the top 10 in Q3, ‘WEB Remote File Inclusion /etc/passwd’ (1054837), which targets older, but still widely used Microsoft Internet Information Services (IIS) web servers. One signature (1059160), a SQL injection, has continued to maintain the position it has held atop the list since Q2, 2019.
Read More News: https://www.enterpriseitworld.com/
Watch CIOs Tech Perspectives: https://ciotv.live/
Read IT Partner News on: https://www.smechannels.com/
