IT administrators are losing sleep as the attack surface keeps expanding and attack vectors grow ever more cunning at evading detection. In its Q2 2021 Internet Security Report, WatchGuard Technologies detailed the trends it observed in network security, including malware becoming increasingly adept at slipping past detection. The report revealed that 91.5% of malware arrived over HTTPS-encrypted connections.
In Q2, 91.5% of #malware arrived over an #encrypted connection, a dramatic increase over the previous quarter. Any organization that isn’t doing #HTTPS inspection is missing 9/10 of all #malware at the perimeter. https://t.co/WbVM2l570y
— watchguard (@watchguard) October 4, 2021
The report shares insights on the staggering rise in fileless malware threats, the growth in ransomware, and the significant surge in network attacks. According to the report, total perimeter malware detections in Q2 decreased 4% to 16.6 million, despite a small 1% increase in the number of Fireboxes reporting threat intelligence data.
Key Findings
- The malware variants XML.JSLoader and AMSI.Disable.A together constituted over 90% of malware detections over secure web connections and 12% of Gateway AntiVirus detections. This malware family uses PowerShell tools to exploit vulnerabilities in Windows.
- Zero-day malware dipped 9 points from its all-time high in the previous quarter. Despite the dip, it still represented 64.1% of detected malware.
- The Firebox Intrusion Prevention Service (IPS) detected 2 million network exploits in Q2, a 22.3% increase over past quarters.
- Geographically, North and South America (AMER) were the most attacked, averaging 1,744 IPS hits per Firebox. Europe, the Middle East and Africa (EMEA) followed with 764 hits per device, and the Asia Pacific (APAC) region recorded 316 hits per device.
Protective Action
The report recommends a few strategies for a protective approach that can curtail attacks in the coming quarter.
- Deploy an Endpoint Detection & Response (EDR) Safety Net
- Shore Up the Holes in Your Remote Access
- Create, Update, or Test your BC/DR Plan
As more reports emerge about the innovative techniques threat actors use to stay undetected and evade malware analysis, unrest among IT heads and administrators is becoming visible. A well-defined approach is needed to tackle the menace at hand, as there is a long, winding road ahead before organizations regain some sense of normalcy and security in their work patterns.