WatchGuard Technologies has announced the release of its Security Report for Q3 2019 that includes a list of popular attacks.
Network security and intelligence firm WatchGuard Technologies released the Internet Security Report for Q3 2019. Multiple Apache Struts vulnerabilities, including the one used in the Equifax data breach, appeared for the first time on WatchGuard’s list. The report also shows a significant rise in zero-day malware detections, along with increased use of Microsoft Office exploits and of legitimate penetration testing tools.
List of most popular attacks
Apache Struts 2 Remote Code Execution: This major vulnerability lets attackers exploit it with only a few lines of code, either by installing Python or by sending a custom HTTP request, and obtain shell access to an exposed system. The Apache Struts 2 vulnerability was used in the Equifax data breach, and this is its first appearance on WatchGuard’s list. It was accompanied by two additional Apache Struts vulnerabilities on the top ten network attacks list in Q3.
Microsoft Office exploits: Two malware variants affecting Microsoft Office products made it onto the list, as well as onto the top ten most-widespread malware list last quarter. This means threat actors are doubling down both on the frequency with which they leverage Office-based attacks and on the number of victims they target. These attacks were mostly delivered by email.
Zero-day malware instances: In Q3, zero-day malware instances spiked to 50% after stabilizing at around 38% for the past several quarters. Half of the malware attacks in Q3 were capable of bypassing traditional signature-based solutions. Thus, layered security services are needed to protect against advanced and ever-evolving threats.
Legitimate pentesting tools: Two new malware variants involving Kali Linux penetration testing tools are also making their first appearance on the list. One of them is Boxter, a PowerShell trojan used to download and install potentially unwanted programs. The other is Hacktool.JQ, the only authentication attack tool besides Mimikatz to make the list. It’s unclear whether these detections stem from legitimate pentesting activities or from malicious attackers leveraging readily available open-source tools.
Targeting the Americas: More than 42% of attacks targeted North, Central, and South America in Q3 2019. This represents a significant geographic shift in attacker focus compared to last quarter, as EMEA and APAC accounted for 30% and 28% of all malware attacks in Q3 respectively. The motivations behind this shift are unclear.
Corey Nachreiner, chief technology officer at WatchGuard Technologies, said:
“Our latest threat intelligence showcases the variability and sophistication of cybercriminals’ growing playbook. Not only are they leveraging notorious attacks, but they’re launching evasive malware campaigns and hijacking products, tools and domains we use every day. As threat actors continue to modify their tactics, organizations of every size must protect themselves, their customers and their partners with a set of layered security services that cover everything from the core network to endpoints to the users themselves.”