International. A recent report reveals how COVID-19 has impacted the security threat landscape, with evidence that attackers continue to attack corporate networks despite the shift to remote work and an increase in pandemic-related malicious domains and phishing campaigns.
This report was developed by WatchGuard Technologies and is called the "Internet Security Report for the Third Quarter of 2020."
"As the impact of COVID-19 continues to unfold, our threat intelligence provides key insights into how attackers are adjusting their tactics," said Corey Nachreiner, Chief Technology Officer, WatchGuard. "While there is no such thing as 'the new normal' when it comes to security, businesses can rest assured that increasing protection for both the end point and the network will be a priority in 2021 and beyond. It will also be important to establish a layered approach to information security, with services that can mitigate evasive and encrypted attacks, sophisticated phishing campaigns, and more."
Key findings from the third quarter 2020 report include:
- Network attacks and unique detections reached two-year highs:
Network attacks rose to more than 3.3 million in the third quarter, representing a 90% increase from the previous quarter and the highest level in two years. Unique network attack signatures also continued on an upward trajectory, also reaching a two-year high in the third quarter. These findings highlight the fact that companies must prioritize maintaining and strengthening protections for network-based assets and services, even as the workforce becomes increasingly remote.
COVID-19 scams increase in prevalence:
In the third quarter, a COVID-19 adware campaign running on websites used for legitimate purposes in support of the pandemic was included in WatchGuard's list of the 10 most engaged websites. WatchGuard also discovered a phishing attack that leverages Microsoft SharePoint to host a pseudo-login page impersonating the United Nations (UN), and the email link contained messages about un small business relief due to COVID-19. These findings further emphasize that attackers will continue to tap into the fear, uncertainty, and doubts surrounding the global health crisis to lure and deceive their victims.
- Companies click on hundreds of phishing attacks and bad links:
In the third quarter, WatchGuard's DNSWatch service blocked a total of 2,764,736 malicious domain connections, resulting in 499 blocked connections per organization in total. Breaking it down further, each company would have been able to reach 262 malware domains, 71 compromised websites, and 52 phishing campaigns. Combined with the aforementioned increase in compelling COVID-19 scams, these findings illustrate the importance of implementing DNS filtering services and user security awareness training.
- Attackers investigate vulnerable SCADA systems in the US:
The new addition to WatchGuard's list of most widespread network attacks in the third quarter exploits a pre-patched authentication bypass vulnerability in a popular monitoring control and data acquisition (SCADA) system. While this class of vulnerability is not as serious as a remote code execution flaw, it could still allow an attacker to take control of the SCADA software running on the server. Attackers targeted nearly 50% of U.S. networks with this threat in the third quarter, highlighting that industrial control systems could be a major focus area for bad actors in the coming year.
- LokiBot's look-a-like debuts as one of the most widespread malware variants:
Farelt, a password thief who looks like LokiBot, made its way into WatchGuard's list of the top five most widespread malware detections in the third quarter. Although it is unclear whether the Farelt botnet uses the same command and control structure as LokiBot, there is a high probability that the same group, SilverTerrier, created both malware variants. This botnet takes many steps to bypass antivirus controls and trick users into installing malware. While investigating the threat, WatchGuard found strong evidence indicating that the malware has likely targeted many more victims than the data suggests.
- Emotet persists:
Emotet, a prolific banking Trojan and well-known password thief, made its debut on WatchGuard's top ten malware list for the first time in the third quarter and narrowly missed the list of top ten domains that distribute malware (for just a few connections). Despite being ranked 11th on the latest list, this appearance is particularly remarkable, as WatchGuard Threat Lab and other research teams have seen current Emotet infections release additional attacks/payloads like Trickbot and even the Ryuk ransomware with no signs of slowing down.
WatchGuard's quarterly research reports are based on anonymized Firebox Feed data from active WatchGuard devices whose owners have chosen to share data to support Threat Lab's research efforts. In the third quarter, nearly 48,000 WatchGuard devices contributed data to the report (the most ever recorded), blocking a total of more than 21.5 million malware variants (450 per device) and more than 3.3 million network threats (or approximately 70 detections per device). Fireboxes also continued their upward trend of unique signature detections, collectively identifying and blocking 438 unique attack signatures, a 6.8% increase from the second quarter and the largest since the fourth quarter of 2018.
The full report includes in-depth research and key defensive best practices that businesses of all sizes can use to protect against modern security threats. The report also presents a detailed analysis of the historic Twitter attack that compromised 130 high-profile accounts to promote a Bitcoin scam in July 2020.
Read WatchGuard's full Third Quarter 2020 Internet Security Report here: https://bit.ly/3qBk3Gu
