Legacy AV defenseless against onslaught of evasive malware

Antus67

Nov 3, 2019
More than two-thirds of malware detected by WatchGuard in the last three months of 2019 was able to evade signature-based antivirus products, rendering them effectively useless in most instances.

The volume of evasive malware – malware that can easily get round signature-based antivirus systems – grew to record levels in the final months of 2019, with two-thirds of samples detected by WatchGuard Technologies’ Firebox appliances during the fourth quarter now able to do this – a dramatic increase from the 2019 average of 35%.

This not only suggests that obfuscated or evasive malware is becoming the rule, rather than the exception, but highlights that many popular security products are now losing significant utility and are in danger of becoming legacy services in the face of the always-evolving cyber criminal underworld.

“Our findings from Q4 2019 show that threat actors are always evolving their attack methods,” said Corey Nachreiner, chief technology officer at WatchGuard.

“With over two-thirds of malware in the wild obfuscated to sneak past signature-based defences, and innovations like Mac adware on the rise, businesses of all sizes need to invest in multiple layers of security.”

Nachreiner added: “Advanced AI or behavioural-based anti-malware technology and robust phishing protection like DNS filtering will be especially crucial.”

In a new report released today, WatchGuard said it was seeing a number of emergent trends around malware, including a jump in popularity in adware targeting macOS environments. One of the top compromised websites found by WatchGuard hosted an adware called Bundlore that poses as an update to Adobe Flash. This tallies with other observations, notably a February 2020 study conducted by Malwarebytes.

WatchGuard also found widespread phishing campaigns exploiting a Microsoft Excel vulnerability that was first disclosed in 2017. This exploit, widely seen in the UK, enables the download of a number of different types of malware onto the victim device, including a keylogger called Agent Tesla, which was one of the earliest malware strains to exploit the Covid-19 coronavirus outbreak before it became a global emergency.
 
