Most malware in 1Q20 was delivered over encrypted HTTPS connections, according to WatchGuard Technologies.
Organizations globally should consider HTTPS inspection to uncover encrypted malware. Nearly 67% of all the malware in the first quarter of 2020 was delivered through encrypted HTTPS connections. The latest report from WatchGuard, titled “Internet Security Report for Q1 2020”, offers various insights about the ongoing malware attacks. About 72% of the encrypted malware was classified as zero-day, meaning it would have evaded signature-based antivirus protection.
Setting up HTTPS inspection can be complicated: it demands extra effort, and if that effort is neglected, the process can weaken end-to-end encryption. It can also affect the protection provided by security gateways and products. Without assessing encrypted traffic, organizations often miss two-thirds of incoming threats. According to the report, the UK was one of the top targets for cybercriminals in the first quarter, with widespread network attacks.
According to Corey Nachreiner, CTO at WatchGuard: “Some organizations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option… As malware continues to become more advanced and evasive, the only reliable approach to defense is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”
Some principal findings from the report are:
1. Monero crypto miners increased in popularity
2. Flawed-Ammyy and Cryxos appeared in the top lists of malware variants
3. A three-year-old Adobe vulnerability appeared among the top network attacks
4. Online and cloud platforms are under attack from spear-phishing campaigns
COVID-19 repercussions have boosted cyber attacks
Q1 2020 was just the beginning of drastic changes to the wider cyber threat ecosystem, driven by the coronavirus pandemic. In the first three months of 2020, the world witnessed a rise in remote workers and in cyberattacks targeting individuals. However, malware hits and network-related attacks declined. Overall, in Q1 there were nearly 6.9% fewer malware hits and around 11.6% fewer network attacks, despite a 9% surge in the number of Fireboxes contributing data. The decline could be attributed to fewer potential targets operating within the traditional network perimeter, given the extensive work-from-home policies amid the pandemic.