Nearly a Third of All Malware Qualifies as ‘Zero Day’

Seeking to gain foothold on corporate networks, attackers are pumping new malware into the internet at an alarming rate.

Firewall and network security vendor WatchGuard this week released its first Internet Security Report, revealing many of the tactics used to stage cyber-attacks on businesses during the fourth quarter (Q4) of 2016. WatchGuard’s report includes anonymized data gathered from over 24,000 Firebox security appliances, which thwarted over 3 million network attacks and halted over 18 million malware infections in Q4 2016, according to the company.

Not only are the stakes are high, the war over valuable information has attracted the attention of some intimidating combatants.

“Businesses are getting inundated with ransomware attempts through phishing emails and malicious websites,” states an executive summary of the report. “Banks are getting targeted by sophisticated criminals who have been able to steal millions of dollars at a time. Even nation-states have gotten involved, with the U.S. officially blaming the Russian government for an election-related breach.”

Attempting to stay one step ahead of anti-virus companies, attackers have turned to churning out new or “zero day” malware that evades detection. Nearly a third of all malware (30 percent) observed by WatchGuard was of the zero-day variety.

Although it’s considered a decidedly-old school method of infecting systems, macros are still a popular part of a cyber-attacker’s toolkit, warns the report.

Malicious macros are common in spear-phishing attempts where a convincingly crafted email may lure victims into opening attachments containing infected documents. Aided by exploit kits, attackers also rely heavily on JavaScript to both deliver and conceal malware on the web and via email.

Generally, network attacks are focused on web services and browsers. Among the most prevalent are drive-by downloads affecting web browsers (73 percent).

The Internet of Things (IoT) is another tempting target. WatchGuard has observed a proliferation of Linux-based trojans likely used in IoT attacks. (Many IoT vendors turn to the open-source Linux operating system for their devices.)

In October, a massive distributed denial-of-service (DDoS) attack struck DNS provider Dyn, knocking several major online services and websites, including Spotify, Reddit and HBO Now, offline for hours. Security researchers identified the Mirai botnet, comprised of compromised Linux IoT devices, as the culprit.

Mirai continues to evolve and a variant was responsible for recently launching a 54-hour DDoS attack against a U.S. college customer of Incapsula.

Pedro Hernandez
Pedro Hernandez is a contributor to eSecurity Planet, eWEEK, and the IT Business Edge Network. Previously, he served as a managing editor for the network of IT-related websites and as the Green IT curator for GigaOM Pro.

Top Products

Top Cybersecurity Companies

Related articles