Tag Archives: HTTPS

WatchGuard report finds two-thirds of malware to be encrypted

WatchGuard Technologies’ latest Internet Security Report shows that 67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and that 72% of encrypted malware was classified as zero day, and on that basis would have evaded signature-based anti-virus protection.

These findings show that, without HTTPS inspection of encrypted traffic and advanced behaviour-based threat detection and response, organisations are missing up to two-thirds of incoming threats. The report also highlights the finding that the UK was a top target for cyber criminals in Q1, earning a spot in the Top Three countries for the five most widespread network attacks.

“Some organisations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” said Corey Nachreiner, chief technology officer at WatchGuard. “As malware continues to become more advanced and evasive, the only reliable approach towards defence is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Key findings

Other key findings from WatchGuard’s latest Internet Security Report include:

Monero cryptominers surge in popularity: Five of the Top Ten domains distributing malware in Q1 (identified by WatchGuard’s DNS filtering service DNSWatch) either hosted or controlled Monero cryptominers. This sudden jump in cryptominer popularity could simply be due to its utility. Adding a cryptomining module to malware is an easy way for online criminals to generate passive income.

Flawed-Ammyy and Cryxos malware variants join top lists: The Cryxos trojan was third on WatchGuard’s Top Five encrypted malware list and also third on its Top Five most widespread malware detections list, primarily targeting Hong Kong. It’s delivered as an e-mail attachment disguised as an invoice and will ask the user to enter their e-mail and password, which it stores. Flawed-Ammyy is a support scam where the attacker uses the Ammyy Admin support software to gain remote access to the victim’s computer.

Three-year-old Adobe vulnerability appears in top network attacks: An Adobe Acrobat Reader exploit that was patched in August 2017 appeared in WatchGuard’s top network attacks list for the first time in Q1 of this year. This vulnerability resurfacing several years after being discovered and resolved illustrates the importance of regularly patching and updating systems.

Mapp Engage, AT&T and Bet365 targeted with spear phishing campaigns: Three new domains hosting phishing campaigns appeared on WatchGuard’s Top Ten list in Q1 2020. They impersonated digital marketing and analytics product Mapp Engage, online betting platform Bet365 (this campaign was in Chinese) and an AT&T login page (this campaign is no longer active at the time of the report’s publication).

COVID-19 impact: Q1 2020 was only the start of the massive changes to the cyber threat landscape brought on by the COVID-19 pandemic. Even in the first three months of 2020, WatchGuard still saw a massive rise in remote workers and attacks targeting individuals.

Malware hits and network attacks decline: Overall, there were 6.9% fewer malware hits and 11.6% fewer network attacks in Q1, despite a 9% increase in the number of Fireboxes contributing data. This could be attributed to fewer potential targets operating within the traditional network perimeter with worldwide work-from-home policies in full force during the COVID-19 pandemic.

Anonymised data

The findings in WatchGuard’s Internet Security Reports are drawn from anonymised Firebox Feed data from active WatchGuard appliances whose owners have opted in to share data to support the Threat Lab’s research efforts. Over 44,000 appliances worldwide contribute threat intelligence data to the report. In Q1 2020, they blocked over 32,148,519 malware variants in total (730 samples per device) and more than 1,660,000 network attacks (38 attacks per device).

The complete report includes key defensive Best Practices that organisations of all sizes can use to protect themselves in today’s threat landscape and a detailed analysis of how the COVID-19 pandemic and associated shift to working from home affected the cyber security landscape.

*To view the full report visit Internet Security Report for Q1 2020

360 Vision Technology and Visual Management Systems guard against cyber attacks

As more and more security systems and devices become IP networked, it’s important for security installers and end users alike to consider how their systems will be protected against the possibility of cyber attacks. Providing a solution to the concerns around cyber security and hacking, CCTV specialist 360 Vision Technology has partnered with software control provider Visual Management Systems to provide security operators with an effective solution designed to guard against IP surveillance system cyber attacks.

Without the right level of network security measures in place, system users can be left vulnerable, resulting in exposure to the type of hacking and malware attacks that have recently hit the news headlines.

A serious security breach of an IP network can lead to system inoperability and network downtime and, at worst, direct access to corporate networks for the cyber criminals.

To provide IP surveillance system installers and operators with peace of mind, when used together both 360 Vision Technology cameras and Visual Management Systems’ TITAN SECURE Physical Security Information Management system can exceed 802.1x authentication protocols and encryption to provide “the ultimate protection” for surveillance networks via the latest patent pending technology.

Designed to Centre for the Protection of National Infrastructure standards, this advanced protocol and encryption technology is said to offer a “far higher level” of hacking protection.

Advanced cyber attack protection

Ultimately, security and IT managers have much to gain by implementing the security advantages of an 802.1x authenticated network. Conversely, they also have a lot to lose should they ignore the security risks involved.

“As part of our ongoing development of products and deep integration techniques, we looked closely at the vulnerabilities of current camera systems and found that expert hackers could easily take control of standard network cameras, and even those models with HTTPS certification,” explained John Downie, sales director at Visual Management Systems. “Employing 802.1x authentication at both the camera and control end using 360 Vision Technology cameras and TITAN SECURE in combination is the most effective way in which to fully secure an IP camera network.”

Mark Rees, business development director at 360 Vision Technology, added: “Designed to protect organisations against hacking and ransomware attacks, the latest 360 Vision Technology IP surveillance cameras include advanced 802.1x encryption protection. Designed and built in the UK, our high-performance camera technology offers customers proven reliability, advanced imaging performance and effective cyber security for use within any high or general level camera surveillance application.”
