WatchGuard: Equifax breach vulnerability surfaces as top network attack
Network attacks and malware both increased in Q3 2019, according to WatchGuard Technologies Internet Security Report. New research highlighted a rise in zero-day malware detections along with greater Microsoft Office exploits and legitimate penetration testing tools.
Notably, Apache Struts exploits were included on WatchGuard’s top ten most popular network attacks for the first time. This same vulnerability was behind the 2017 Equifax breach. Apache Struts 2 Remote Code Execution enables attackers to install Python or make a custom HTTP request to exploit the vulnerability with just a few lines of code and obtain shell access to an exposed system. Two additional Apache Struts vulnerabilities made it onto the top ten. The fallout from the Equifax breach put the severity of this vulnerability on the map and should act as a cautionary tale to Web admins to patch known flaws as soon as possible.
“Our latest threat intelligence showcases the variability and sophistication of cyber criminals’ growing playbook. Not only are they leveraging notorious attacks, but they’re launching evasive malware campaigns and hijacking products, tools and domains we use every day,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “As threat actors continue to modify their tactics, organisations of every size must protect themselves, their customers and their partners with a set of layered security services that cover everything from the core network to endpoints, to the users themselves.”
The report also found that attackers continue to favour Microsoft Office exploits as two malware variants affecting Microsoft office made it onto the top ten list. Threat actors have both doubled down on the frequency of Office-based attacks and the number of victims they target.
Further, zero-day malware instances made up 50% of all malware detections after stabilising around 38% for the past several quarters. Overall malware detection rose by 4% since Q2.
According to the report, as half of Q3 malware attacks were capable of bypassing traditional signature-based solutions, there is a significant need for layered security services that protect against advanced, ever-evolving threats.
It also reported that cyber criminals may be leveraging legitimate pentesting tools for attacks. Two malware variants involving Kali Linus penetration testing tools made their debut on the list; Boxter and Hacktool.JQ. WatchGuard stated that while it is unclear whether the rise in these detections comes from legitimate pentesting activities or malicious attackers leveraging readily available open source tools, organisations must continue to leverage anti-malware services to prevent data theft.
WatchGuard also noted that 42% of malware attacks in Q3 were aimed at North, Central and South America; up from just 27% in Q2. This signifies a geographical shift from last quarter when EMEA and APAC accounted for 30% and 28% of all malware attacks in Q3, respectively.
All findings were drawn from anonymised Firebox Feed data from active WatchGuard UTM appliances whose owners have opted in to share data. Today, 37,000 appliances worldwide contribute threat intelligence data to the report.