Over 90 percent of malware arrives over encrypted connections
Security experts have spent years driving home the message that HTTPS connections are safer, but a new report released today reveals that 91.5 percent of malware arrived over encrypted connections in the second quarter of this year.
The quarterly internet security report from WatchGuard Technologies also shows alarming surges across fileless malware threats, dramatic growth in ransomware and a big increase in network attacks.
"With much of the world still firmly operating in a mobile or hybrid workforce model, the traditional network perimeter doesn’t always factor into the cybersecurity defense equation," says Corey Nachreiner, chief security officer at WatchGuard. "While a strong perimeter defense is still an important part of a layered security approach, strong endpoint protection (EPP) and endpoint detection and response (EDR) is increasingly essential."
Among other findings are that the AMSI.Disable.A malware uses code capable of disabling the Antimalware Scan Interface (AMSI) in PowerShell, allowing it to bypass script security checks with its malware payload undetected.
There has also been a substantial increase in network attacks, which rose by 22 percent over the previous quarter and reached the highest volume since early 2018. Q1 saw nearly 4.1 million network attacks. In the quarter that followed, that number jumped by another million -- charting an aggressive course that highlights the growing importance of maintaining perimeter security alongside user-focused protection.
Ransomware increased too, with the six-month total for the first half of this year finishing just short of the full-year total for 2020. The trend appears to be towards attackers going for high-profile targets -- as in the Colonial Pipeline attack -- rather than the more scattergun approach of the past.
You can get the full report from the WatchGuard site.