A new report by WatchGuard sheds light on the state of malware so far into 2020.
One of the most crucial findings of the report is that 67% of the malware in Q1 of 2020 was distributed via encrypted HTTPS connections. Furthermore, more than 70% of the malware was identified as zero-day, thus evading signature-based antivirus solutions.
What do these statistics show in terms of the state of security in organizations? Most organizations seem to be unable to detect two-thirds of incoming malware, with the UK being a top target in network attacks.
What can organizations do to improve their network security?
HTTPS Inspection Becomes Mandatory
“As malware continues to become more advanced and evasive, the only reliable approach to defense is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection,” says Corey Nachreiner, CTO at WatchGuard.
HTTPS inspection involves extra work, which may be why most enterprises have not implemented it. However, since most malware is now delivered through encrypted connections, deploying it has become mandatory. Letting traffic go uninspected is no longer an option, Nachreiner adds.
As a comparison, in 2019 researchers logged more than 2.8 million encrypted malware attacks, 27 percent more than the previous year, with the threat of encrypted malware accelerating throughout 2019. More specifically, 2.4 million encrypted attacks were registered, marking a 76 percent year-to-date increase, according to a report by SonicWall Capture Labs. The current statistics show this trend continuing.
Domains Distributing Malware
So far this year, five of the top 10 domains associated with malware delivery hosted Monero cryptominers. The surge in cryptomining malware likely stems from the ease of adding a cryptomining module to existing malware. This gives cybercriminals yet another way to generate passive income, security researchers point out.
One of the most prevalent encrypted malware threats so far this year is the so-called Cryxos Trojan, mainly targeting Hong Kong. The malware has been delivered in phishing campaigns as a malicious attachment disguised as an invoice, prompting the user to enter their email address and password.
WatchGuard also detected three new domains hosting phishing campaigns. The domains impersonated digital marketing and analytics product Mapp Engage, online betting platform Bet365, and an AT&T login page, which is no longer active.
Threats Associated with the Coronavirus
The coronavirus trend in malware delivery and malicious campaigns continues even now.
In May, a Proofpoint report showed that more than 300 coronavirus-themed phishing campaigns had been created to harvest personal and banking details from potential victims.
These phishing campaigns use templates that make it easy to create convincing malicious web domains. These have been used in phishing campaigns related to the COVID-19 pandemic that impersonate organizations such as the WHO (World Health Organization), the US Centers for Disease Control, the IRS, HMRC in the UK, and local councils across London.