Tag Archives: WatchGuard

WatchGuard report finds two-thirds of malware to be encrypted

WatchGuard Technologies’ latest Internet Security Report shows that 67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and that 72% of encrypted malware was classified as zero day, meaning it would have evaded signature-based anti-virus protection.

These findings show that, without HTTPS inspection of encrypted traffic and advanced behaviour-based threat detection and response, organisations are missing up to two-thirds of incoming threats. The report also highlights the finding that the UK was a top target for cyber criminals in Q1, earning a spot in the Top Three countries for the five most widespread network attacks.

“Some organisations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” said Corey Nachreiner, chief technology officer at WatchGuard. “As malware continues to become more advanced and evasive, the only reliable approach towards defence is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”


Key findings

Other key findings from WatchGuard’s latest Internet Security Report include:

Monero cryptominers surge in popularity: Five of the Top Ten domains distributing malware in Q1 (identified by WatchGuard’s DNS filtering service DNSWatch) either hosted or controlled Monero cryptominers. This sudden jump in cryptominer popularity could simply be due to its utility. Adding a cryptomining module to malware is an easy way for online criminals to generate passive income.

Flawed-Ammyy and Cryxos malware variants join top lists: The Cryxos trojan was third on WatchGuard’s Top Five encrypted malware list and also third on its Top Five most widespread malware detections list, primarily targeting Hong Kong. It’s delivered as an e-mail attachment disguised as an invoice and will ask the user to enter their e-mail and password, which it stores. Flawed-Ammyy is a support scam where the attacker uses the Ammyy Admin support software to gain remote access to the victim’s computer.

Three-year-old Adobe vulnerability appears in top network attacks: An Adobe Acrobat Reader exploit that was patched in August 2017 appeared in WatchGuard’s top network attacks list for the first time in Q1 of this year. This vulnerability resurfacing several years after being discovered and resolved illustrates the importance of regularly patching and updating systems.

Mapp Engage, AT&T and Bet365 targeted with spear phishing campaigns: Three new domains hosting phishing campaigns appeared on WatchGuard’s Top Ten list in Q1 2020. They impersonated digital marketing and analytics product Mapp Engage, online betting platform Bet365 (this campaign was in Chinese) and an AT&T login page (this campaign is no longer active at the time of the report’s publication).

COVID-19 impact: Q1 2020 was only the start of the massive changes to the cyber threat landscape brought on by the COVID-19 pandemic. Even in the first three months of 2020, WatchGuard still saw a massive rise in remote workers and attacks targeting individuals.

Malware hits and network attacks decline: Overall, there were 6.9% fewer malware hits and 11.6% fewer network attacks in Q1, despite a 9% increase in the number of Fireboxes contributing data. This could be attributed to fewer potential targets operating within the traditional network perimeter with worldwide work-from-home policies in full force during the COVID-19 pandemic.


Anonymised data

The findings in WatchGuard’s Internet Security Reports are drawn from anonymised Firebox Feed data from active WatchGuard appliances whose owners have opted in to share data to support the Threat Lab’s research efforts. Over 44,000 appliances worldwide contribute threat intelligence data to the report. In Q1 2020, they blocked over 32,148,519 malware variants in total (730 samples per device) and more than 1,660,000 network attacks (38 attacks per device).

The complete report includes key defensive Best Practices that organisations of all sizes can use to protect themselves in today’s threat landscape and a detailed analysis of how the COVID-19 pandemic and associated shift to working from home affected the cyber security landscape.

*To view the full report visit Internet Security Report for Q1 2020


Filed under Security Matters

WatchGuard and Deutsche Telekom partner to deliver enterprise-grade security solution for SMBs

WatchGuard Technologies, the specialist in network security and intelligence, secure Wi-Fi and multi-factor authentication, has launched Business Network Protect Complete, an enterprise-grade security solution for SMBs built in partnership with Deutsche Telekom.

With fast Internet from Deutsche Telekom and security services delivered by WatchGuard, this all-in-one offering is designed to simplify the delivery of critical security for organisations lacking the resources to defend against cyber attacks on their own. The Business Network Protect Complete solution combines a DSL modem and Wi-Fi router with enterprise-level security protections, all within WatchGuard’s own Firebox T35-DW solution.

“There are significant differences between a modern firewall appliance and a commercially available router with NAT functionality. Individual mission-critical network areas such as production systems, management servers, VoIP components and printers must be deliberately divided, individually secured, and automatically monitored,” said Michael Haas, area sales director, Central Europe at WatchGuard. “This can only be done via firewalls such as Business Network Protect Complete with our Firebox T35-DW table-top appliance. The solution’s easy-to-implement segmentation makes it simple to identify potential weak points, initiate countermeasures and prevent attacks from spreading freely across networks.”

BNP Complete offers leading security services such as APT Blocker, Gateway Anti-Virus, Spam Prevention, URL Filtering, Application Control, Intrusion Prevention, SSL Inspection and more. In addition, this all-in-one security solution automatically transmits and processes data from more than 180 Deutsche Telekom honeypot sensors that power its security speedometer to recognise and block malicious IPs.


Gate to digitisation

“With the new offering, we’re able to address the needs of SMBs, including tax consultants, law firms, management consultants, insurance agents and larger medical practices, as well as customers in retail and logistics and other markets,” explained Christian Cronjäger, security product and portfolio manager at Deutsche Telekom. “The gate to digitisation with a fast Internet connection is not only wide open, but the WatchGuard firewall and its numerous security controls serve as a moat to protect sensitive data.”

This solution is suitable for all connections up to 200 Mbps max and can cover up to 20 employees. The basic protection license includes all hardware components, the EWS from Deutsche Telekom and the ‘Help Desk Service Plus’ managed security services package, which offers guaranteed interference suppression in 24 hours.

The all-in-one protection license also includes the APT Blocker module for protection against highly complex and largely unknown threats. This can be augmented with additional security services depending on customer requirements.

Since 24-7 operation is guaranteed via managed services, customers benefit from secure and reliable connections without having to invest the time and resources into overseeing security themselves. Additionally, Business Network Protect Complete eliminates high up-front costs by offering clients simplified and convenient monthly billing.
