
Credential theft is the hottest trend for cyber attackers in Q2

29 Sep 2017

This year, cyber attackers have narrowed their focus to methods that involve credential theft. Whether through malware, phishing or brute force attacks, the end result is a massive uptick in prevalence and sophistication.

WatchGuard’s latest quarterly Internet Security Report analyses threats facing SMBs and enterprises. It found that nearly half (47%) of all malware is able to hide from signature-based AV solutions, and is also ‘new’ or zero-day malware.

The number one malware for the second quarter this year was Mimikatz, an open source credential theft tool used for stealing and replacing Windows credentials.

It accounted for 36% of all malware, and it is the first time it has appeared in the report’s top 10 list.

WatchGuard CTO Corey Nachreiner says that data from the report shows attackers are more focused on credential theft than ever before.

“From JavaScript-enabled phishing attacks and attempts to steal Linux passwords, to brute force attacks against web servers, the common theme here is that login access is a top priority for criminals. Knowing this, businesses must harden exposed servers, seriously consider multi-factor authentication, train users to identify phishing attacks and implement advanced threat prevention solutions to protect their valuable data,” he explains.

Phishing attacks and malicious JavaScript tools increasingly go hand-in-hand. For several quarters, attackers have used JavaScript code and downloaders to deliver malware through both web and email attacks.

In Q2, the most popular method was email phishing attacks that use JavaScript to closely mimic the login pages of Google, Microsoft and others. The similarities to the genuine sites trick users into giving up their details, the report says.

The report also found that brute force attacks are proving popular in attackers’ quests to gain user credentials. These attacks use automated tools and work against web servers that lack protections that monitor failed logins. Automated attacks are able to test thousands of passwords per second.

While brute force attacks were in the top 10 network attacks, network attacks as a whole have dropped 30% compared to Q1.

WatchGuard used anonymised data from its Firebox Feeds across 33,500 appliances. In Q2, appliances blocked more than 16 million malware variants.

“The web continues to be the battleground. As has continued for the third quarter in a row, most if not all the top ten network attacks targeted web servers and clients. Adding additional security services to your web traffic remains a top priority,” the report concludes.
