All IDCA News

By Loading

3 Feb 2022

Share on social media:

‘Encrypted connections primary delivery mechanism for zero-day malware’

A digital economy requires trust in SaaS applications, eCommerce sites, connectivity, online data storage, and more. The use of encryption is a key defense mechanism here against cybercriminals. In light of this, it must come as quite a shock to many in business and government globally that encryption is playing an important role in a recent state of security report published by WatchGuard Technologies. The conclusion? Encrypted connections won't protect you from malware.

Poor visibility

According to the report, nearly half of zero-day malware is delivered via encrypted connections: ‘While the total amount of zero-day malware increased by a modest 3% to 67.2% in Q3, the percentage of malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. A lower percentage of encrypted zero-days are considered advanced, but it is still concerning given that WatchGuard’s data shows that many organizations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks’.

Many vendors, such as Cisco, Checkpoint, Crowdstrike, publish quarterly IT security reports. They cover similar topics. However, WatchGuard's Q3-2021 report contains some interesting statistics.

Focus on new software

Attackers are targeting vulnerabilities in the latest versions of Microsoft's popular products as users upgrade to the latest versions of Windows and Office. While unpatched vulnerabilities in older software remain a rich hunting ground for attackers, they are also looking for weakness in the latest versions of Microsoft's widely used products.

After showing up in the most-widespread malware list the quarter prior, CVE-2018-0802 cracked WatchGuard's top 10 gateway antivirus malware list by volume, hitting number 6. Additionally, two Windows code injectors (Win32/Heim.D and Win32/Heri) ranked number 1 and 6 on the most detected list, respectively.

In line with their conclusion that attackers are focusing on recently updated software, the analysts at WatchGuard conclude that in Q3 attackers disproportionately targeted the Americas (64.5%), compared to Europe (15.5%) and APAC (20%).

Photo credit: Jose Fontano

Follow us on social media: