WatchGuard: Old Equifax Vulnerability, Microsoft Office Targeted Widely in Q3
One of the most common network attacks during the third quarter targeted the same vulnerability exploited in the massive Equifax data breach disclosed in September 2017.
That’s according to WatchGuard Technologies’ Internet Security Report for Q3 2019. The report, based on anonymized data from nearly 37,000 active WatchGuard firewall appliances, also found a significant spike in zero-day (never-before-seen) malware, an increase in malware attacks targeting the Americas, and several malware campaigns using tools bundled with the Kali Linux penetration testing distribution.
Corey Nachreiner, WatchGuard’s CTO, tells us that while it’s not a traditional MSSP-delivered service, multifactor authentication (MFA) is a security control that SMBs and midmarket organizations still struggle to deploy throughout their organizations. Smaller companies may use it for administrators and privileged users, but many don’t deploy it for all employees, he said.
“With more SaaS-based MFA solutions hitting the market, MSSPs are in a great position to help deploy MFA more widely,” he said. “Lost or stolen credentials cause a large percentage of data breaches, so MSSPs could really benefit from providing strong authentication services to their customers. Besides that, the amount of advanced malware getting past legacy antivirus (AV) proves the importance of managed detection and response (MDR). Our findings from this quarter indicate this is only getting worse — legacy AV is completely insufficient. If you haven’t started offering MDR services to your clients, now is a great time.”
Debuting on WatchGuard’s list of the top 10 most common network attacks, Apache Struts 2 Remote Code Execution targets the vulnerability used in the Equifax breach. An attacker needs only a short Python script or a single crafted HTTP request, a few lines of code in either case, to exploit it and obtain shell access to an exposed system. Two additional Apache Struts vulnerabilities also appeared on the top 10 network attacks list in Q3, as overall network attacks increased in volume by 8%.
“Successful exploits tend to get reused, but it was unusual to see the exploit resurface after so much time has passed, and indicates that companies may not have been as diligent about patching Apache Struts as they could have been,” Nachreiner said.
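The patching gap Nachreiner describes is easy to audit. The following is an added example, not code from WatchGuard or its report: it assumes the Equifax vulnerability is CVE-2017-5638 (Apache advisory S2-045, Jakarta Multipart parser), whose affected builds are Struts 2.3.5 through 2.3.31 and 2.5 through 2.5.10, fixed in 2.3.32 and 2.5.10.1. It scans a constructed fleet listing of struts2-core jar paths and flags hosts still running an affected build, taking care that a four-part fixed version such as 2.5.10.1 is not mistaken for the affected 2.5.10.

```python
"""Flag Apache Struts 2 builds affected by CVE-2017-5638 in a jar inventory.

Added example; not from WatchGuard's report. Affected ranges follow Apache
advisory S2-045 (2.3.5-2.3.31 and 2.5-2.5.10; fixed in 2.3.32 and 2.5.10.1).
"""
import re

# Inclusive version ranges from S2-045, as integer tuples.
AFFECTED_RANGES = [
    ((2, 3, 5), (2, 3, 31)),
    ((2, 5, 0), (2, 5, 10)),
]

# struts2-core jar file name carries the library version, e.g. struts2-core-2.3.30.jar
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)\.jar$")

# Constructed inventory (hostname followed by jar path); not real data.
SAMPLE_LISTING = """\
web01 /opt/tomcat/webapps/portal/WEB-INF/lib/commons-fileupload-1.3.2.jar
web01 /opt/tomcat/webapps/portal/WEB-INF/lib/struts2-core-2.3.30.jar
web02 /opt/tomcat/webapps/portal/WEB-INF/lib/struts2-core-2.5.10.1.jar
web03 /opt/tomcat/webapps/portal/WEB-INF/lib/struts2-core-2.3.32.jar
web04 /opt/tomcat/webapps/legacy/WEB-INF/lib/struts2-core-2.5.2.jar
"""


def parse_version(text):
    """Turn '2.5' or '2.5.10.1' into a comparable tuple, padded to at least
    three components so that '2.5' compares equal to '2.5.0'. A fourth
    component (2.5.10.1) sorts after 2.5.10 under tuple comparison, so the
    fixed release is correctly treated as outside the affected range."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version):
    """True if this struts2-core version falls inside an S2-045 range."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def scan_listing(lines):
    """Return (host, version, affected) for every struts2-core jar in the
    inventory; other jars are ignored."""
    results = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        host, _, path = line.partition(" ")
        m = JAR_RE.search(path)
        if m:
            version = m.group(1)
            results.append((host, version, is_affected(version)))
    return results


def affected_hosts(lines):
    """Hosts that still need the S2-045 fix."""
    return [host for host, _, flagged in scan_listing(lines) if flagged]


if __name__ == "__main__":
    for host, version, flagged in scan_listing(SAMPLE_LISTING.splitlines()):
        print(f"{host}: struts2-core {version} -> {'AFFECTED' if flagged else 'ok'}")
```

The jar version is only a proxy: a vendor-backported build can carry an affected version string and still be fixed, and the later Struts multipart flaw (S2-046) overlaps these ranges, so treat a hit as a prompt to verify the deployed parser rather than as proof of exposure.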
Two malware variants affecting Microsoft Office products made WatchGuard’s top 10 list of malware by volume, as well as the top 10 most-widespread malware list last quarter. This indicates that threat actors are doubling down on both the frequency with which they leverage Office-based attacks and the number of victims they’re targeting. Both attacks were primarily delivered via email, which highlights why organizations should increasingly focus on user training and education to help employees identify phishing attempts and other attacks leveraging malicious attachments.
After stabilizing at around 38% of all malware detections over the past several quarters, zero-day malware accounted for half of all detections in the third quarter. The overall volume of malware detected increased by 4% compared to the second quarter, with a massive 60% increase over the year-ago quarter. The fact that half of malware attacks from July to September were capable of bypassing traditional signature-based solutions illustrates the need for layered security services that can protect against advanced, ever-evolving threats, according to WatchGuard.
Two new malware variants involving Kali Linux penetration testing tools debuted on WatchGuard’s top 10 list of malware by volume in the quarter. The first was Boxter, a PowerShell trojan used to download and install potentially unwanted programs onto a victim’s device without consent, and the second was Hacktool.JQ, which represents the only …