Network attacks increased in third quarter, WatchGuard says

One network attack targeted the same vulnerability exploited in the Equifax data breach from September 2017, according to a new report.

Keeping up with the latest tactics and tricks of cybercriminals is a challenging process, especially as the level of certain threats seems to keep rising from quarter to quarter.

There was a jump in the number of network attacks in the third quarter, as outlined in WatchGuard Technologies' Internet Security Report for Q3 2019, released on Wednesday.

SEE: Network Attacks and Their Detection Mechanisms: A Review (free PDF) (TechRepublic)

For the quarter, network attacks rose by 8% compared with the second quarter of 2019.

Among the Top 10 most "popular" network attacks seen by WatchGuard last quarter, one exploits a vulnerability found in the open-source web application framework Apache Struts, the same vulnerability used in the Equifax data breach from September 2017.

Specifically, cybercriminals use Apache Struts 2 Remote Code Execution to install Python or create a custom HTTP request using just a few lines of code to obtain shell access to an exposed system. 

Other threats analyzed for the quarter exploited two additional Apache Struts vulnerabilities, a reminder that web admins need to patch security holes as soon as possible.

On the malware front, WatchGuard offered good and bad news. The good news? The overall number of malware detections dropped by 4% from the second quarter. The bad news? The number was a huge jump of 60% from the third quarter of 2018.

In particular, zero day malware instances accounted for half of all malware detections last quarter, up from around 38% over the past several quarters. 

This shows that half of all malware attacks in the third quarter were able to bypass traditional signature-based security solutions, pointing out a need for more layered security methods.

Microsoft Office continues to be another exploitable product. On WatchGuard's Top 10 list were two malware variants that target Office products.

Both attacks were deployed primarily via email, which means that organizations need to focus on training and education to help users learn how to identify phishing emails and messages with malicious attachments.

Cybercriminals appear to be using legitimate penetration testing tools for nefarious purposes. Two malware variants caught by WatchGuard exploited the Kali Linux penetration testing tools.

One variant, dubbed Boxter, is a PowerShell Trojan used to download and install unwanted programs on a user's device without permission. The other, known as Hacktool.JQ, was the only other authentication attack tool besides Mimikatz to appear on WatchGuard's list.

Researchers weren't sure whether the rise in these types of detections was attributable to legitimate penetration testing activities or malicious attackers exploiting readily-available open source tools. 

Either way, organizations should continue to make use of anti-malware services to protect their data, they said.

Finally, malware attacks targeting the Americas rose dramatically. More than 42% of such attacks were launched against organizations and users in North, Central, and South America, up from just 27% in the second quarter. 

WatchGuard was unclear as to the specific reasons, but organizations in these regions should be aware of this trend, it said.

The findings for WatchGuard's "Internet Security Report for Q3 2019" were taken from anonymized Firebox Feed data from active WatchGuard Unified Threat Management appliances whose owners have agreed to share data. More than 37,000 appliances worldwide contributed threat intelligence data to the report.

Also see

Isometric Lock, Padlock, Keyhole. Cyber security and information or network protection. Future cyber technology web services for business and internet project.

Image: Getty Images/iStockphoto