Vulnerability used in Equifax breach is top network attack in Q3 of 2019
Network security and intelligence company WatchGuard Technologies has released its internet security report for the third quarter of 2019 showing the most popular network attacks.
Apache Struts vulnerabilities appeared on WatchGuard's list for the first time, including one used in the devastating Equifax data breach, which tops the list. The report also highlights a major rise in zero-day malware detections, increasing use of Microsoft Office exploits and legitimate penetration testing tools, and more.
"Our latest threat intelligence showcases the variability and sophistication of cyber criminals’ growing playbook. Not only are they leveraging notorious attacks, but they're launching evasive malware campaigns and hijacking products, tools and domains we use every day," says Corey Nachreiner, chief technology officer at WatchGuard Technologies. "As threat actors continue to modify their tactics, organizations of every size must protect themselves, their customers and their partners with a set of layered security services that cover everything from the core network to endpoints to the users themselves."
Two malware variants affecting Microsoft Office products made the top ten list of malware by volume, as well as the top ten most-widespread malware list last quarter. Both attacks were primarily delivered via email, which highlights why organizations should increasingly focus on user training and education to help them identify phishing attempts and other attacks using malicious attachments.
Zero-day instances are also up, to 50 percent of all attacks, having been at 38 percent for the last few quarters. The overall volume of malware detected is up four percent over the previous quarter, but up a massive 60 percent compared to Q3 of 2018.
A new trend is the use of legitimate penetration testing tools to launch attacks. Two new malware variants involving Kali Linux penetration testing tools made their debut on WatchGuard's top ten list of malware by volume.
The analysis is based on anonymized Firebox Feed data from active WatchGuard UTM appliances whose owners have opted in to share data to support the Threat Lab's research efforts.
You can get the full report from WatchGuard's site.