WatchGuard’s Q4 2017 Internet Security Report Released; Malicious Office Document Usage on the Rise

Today, WatchGuard Technologies released its quarterly Internet Security Report covering Q4 2017. Every quarter we examine anonymized data from our Firebox UTM appliances all across the world and report on the most common malware variants and network attacks that our appliances block. This gives valuable real-world information on the most common network and computer threats aimed at small and medium-sized businesses and distributed enterprises. This quarter, active Fireboxes blocked more than 30 million malware variants and 6.9 million network attacks. We found growth in macro-less Word document attacks, a major jump in new or “zero-day” malware variants that did not match existing antivirus signatures, and much more.
 

Here are some of the major findings from the Q4 2017 Internet Security Report:

• Cyber criminals are increasingly leveraging malicious Office documents. Dynamic Data Exchange (DDE) attacks cracked WatchGuard’s top ten malware list in Q4 and two of the top-ten network attacks involved Microsoft Office exploits.
• Overall malware attacks grew significantly. Also, zero-day malware variants (new malware variants that did not match an existing signature but were caught by more advanced Firebox security services) jumped 167 percent.
• Nearly half of all malware eluded basic antivirus (AV) solutions. That level of growth suggests criminals are using more sophisticated evasion techniques capable of slipping attacks past traditional AV services, which further underscores the importance of behavior-based defenses.
• Scripting attacks account for 48 percent of top malware. Script-based attacks caught by signatures for JavaScript and Visual Basic Script threats, such as downloaders and droppers, accounted for the majority of malware detected in Q4.

 
The most common network threats caught by Fireboxes in Q4 2017

Overall, these findings show that bad actors continue to use obfuscation tactics and advanced download schemes to hide their malware and trick users. Traditional AV protections are no longer enough with almost half of malware attacks slipping past them. Now more than ever, businesses of all sizes need layered security services and advanced malware protection. Furthermore, WatchGuard now offers a data visualization tool called Threat Landscape that lets users search Firebox Feed data by type of attack, region, country, and date range. You now have access to a wealth of information that updates instantly, complete with interactive graphics.

 Page 14 If you need help using Secplicity please email [email protected]

The Q4 report also includes a year-over-year comparison between 2016 and 2017 results, recommendations for defensive strategies to help businesses protect themselves, a detailed breakdown of the KRACK WPA2 protocol exploit that was made public in 2017, and a detailed research project analyzing a database of over 1 billion stolen passwords. Download the complete report here.