Q1 2021 News: Most Malware Occurred Through HTTPS Connections
According to WatchGuard, almost 67% of all malware attacks recorded during the first quarter of 2021 were delivered via encrypted HTTPS connections. Out of these attacks, 72% were categorized as zero-day attacks, which translates to malware that simply evaded signature-based protection.
These findings indicate that up to two-thirds of the incoming threats are missed by companies that are reluctant to implement an HTTPS encrypted traffic inspection and advanced behavior-based threat detection techniques. The study also points out that the UK was the top target for cyber criminals during the quarter, reaching the foremost spot of the countries with the five most widespread network attacks.
Based on this report, it is quite evident that not monitoring incoming and outgoing website traffic is no longer an option. As malware continues to grow more advanced and evasive, the only reliable defensive approach is the implementation of HTTPS inspection methods, layered security services, and advanced threat detection.
Other major findings for the first quarter include the following:
- Controlled and hosted Monero cryptominer malware has increased substantially and is now among the five top malware distributing domains
- Cryxos Trojan rose to third position on the encrypted and widespread malware detection list for Q1
- Flawed Ammyy attacks, a type of scam where hackers gain remote access to the system, have also increased
- A three-year old Adobe vulnerability has resurfaced and is now listed among the top 10 attacks that transpired during the first quarter of 2021
- Spear phishing campaigns have surged and are currently a part of the top-ten attacks of the quarter measured
- COVID-19 themed scams and attacks have also grown within the first three months of 2021
The Problem With Zero-Day Threats And Signature-Based Antivirus Protection
Malicious actors are increasingly relying on zero-day attacks to prey upon individuals and organizations. Since this type of attack targets new and unknown weaknesses in a software or application, traditional signature-based antivirus solutions aren’t capable of stopping the intruders from infiltrating your device, data, and network.
When new viruses are discovered, your antivirus vendor has a signature to protect against them. When the signature is checked later, the virus will be blocked from accessing your network and devices.
Zero-day vulnerabilities are dangerous given the antivirus solution likely doesn’t have the necessary signatures in place to recognize them. Until the vulnerability is identified and patched by the developers, zero-day exploits can go undetected by traditional antivirus programs.
These days, malicious attackers have started to mutate the malware by implementing slight code adjustments in a manner that helps the malware keep generating new signatures while maintaining its overall functionality. This is mostly accomplished by inserting junk code, shrinking or expanding the code, adding permutations to the code, and more.
By using this technique, hackers can attack in frequent succession while inflicting maximum damage. These codes go unnoticed when you run a scan using an antivirus that relies exclusively on signature-based detection.
The Impact Of Covid-19
There has been a huge surge in COVID-19 themed cyberattacks over the last few months. Hackers are sending out themed emails and messages to bulk users in an attempt to convince them to click a link. Once clicked, the device becomes infected with keyloggers, trickbots, and more.
Recently, DocuSign users received an impersonating email about COVID-19. When the user clicks on the email, the user is redirected to a fake login page designed to steal credentials. Hackers are also impersonating organizations like WHO, IRS, and others to send out mass-mailers related to COVID surveys, notices, health information, and more.
With each passing day, malware continues to become more evasive and advanced. Since signature-based detection engines can’t help, the only reliable approach to protecting yourself is by implementing a layered security system including an advanced threat detection engine, behavioral analysis, and other real-time security features.