
Surge in encrypted malware prompts warning about detection strategies

29 Jun 2020

WatchGuard Technologies’ Q1 2020 Internet Security Report has shown a massive surge in malware delivery over encrypted connections, highlighting what could become the next most common attack vector after phishing emails.

According to the report, 67% of all malware in the quarter was delivered over HTTPS encrypted connections. Furthermore, 72% of the malware was zero-day malware, meaning it had no known signature that signature-based security platforms could detect.

“If you are not decrypting and scanning your secure web connections, you are likely missing a large majority of malware,” the report states.

The Flawed-Ammyy and Cryxos malware variants took the top spots on WatchGuard’s top five encrypted malware list. Cryxos is delivered as an email attachment disguised as an invoice and asks the user to enter their email address and password, which it then stores.

The report states, “Filling out the form doesn’t lead you to any file or page, but it does send the username and password to a compromised WordPress site where the attacking server stores the input.”

Flawed-Ammyy is a support scam in which the attacker uses the Ammyy Admin support software to gain remote access to the victim’s computer.

The report states, “As always, never download files from an untrusted source. Also, know what a Microsoft scam looks like. Microsoft will never call you first and will never give a phone number to call with an error.”

Other top malware variants include Lnkr, an encrypted malware that places ads on websites and hides from Chrome.

“Some organisations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” comments WatchGuard’s chief technology officer, Corey Nachreiner.

“As malware continues to become more advanced and evasive, the only reliable approach to defense is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Findings are taken from anonymised Firebox Feed data from active WatchGuard appliances whose owners have opted in to share data to support the Threat Lab’s research efforts.

WatchGuard says that today, more than 44,000 appliances worldwide contribute threat intelligence data to the report. In Q1 2020, the appliances collectively blocked more than 32,148,519 malware variants in total (730 samples per device) and more than 1,660,000 network attacks (38 attacks per device).
