Science, Technology, and Social Media

Word Document Attacks on the Rise, Malware Variants See Dramatic Increase

Threat intelligence from Firebox appliances protecting small and midsize businesses (SMBs) and distributed enterprises around the world showed that total malware attacks are up by 33 percent, and that cybercriminals are increasingly leveraging Microsoft Office documents to deliver malicious payloads according to a new report by WatchGuard Technologies.

“After a full year of collecting and analyzing Firebox Feed data, we can clearly see that cybercriminals are continuing to leverage sophisticated, evasive attacks and resourceful malware delivery schemes to steal valuable data,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “Although these criminal tactics may vary over time, we can be certain that this broad trend will persist, so the risks have never been greater for small and midsize organizations with less IT and security resources. We encourage businesses of all sizes to proactively mitigate these threats with layered security services, advanced malware protection, and employee education and training in security best practices.”

  • Cybercriminals leveraged malicious Office documents to trick victims. Dynamic Data Exchange (DDE) attacks cracked WatchGuard’s top ten malware list in Q4, as hackers increasingly exploited issues within this Microsoft Office standard to execute code. Also called “macro-less malware,” these malicious documents often use PowerShell and obfuscated script to get past network defenses. Additionally, two of the top-ten network attacks in Q4 involved Microsoft Office exploits, further emphasizing the growing trend of malicious document attacks.
  • Overall malware attacks grew significantly, while zero-day malware variants jumped 167 percent. WatchGuard Fireboxes blocked over 30 million total malware variants in Q4, which was a 33 percent increase over the previous quarter. Out of the total threats prevented in Q4, the subset of new or “zero-day” malware instances rose steeply by 167 percent compared to Q3. These increases can likely be attributed to heightened criminal activity during the holiday season.
  • Nearly half of all malware eluded basic antivirus (AV) solutions. WatchGuard Fireboxes block malware using both legacy signature-based detection techniques and the modern, proactive behavioral detection solution – APT Blocker. When APT Blocker catches a malware variant, it means the legacy AV signatures missed it. This zero-day malware accounted for 46 percent of all malware in Q4. That level of growth suggests criminals are using more sophisticated evasion techniques capable of slipping attacks past traditional AV services, which further underscores the importance of behavior-based defenses.
  • Scripting attacks account for 48 percent of top malware. Script-based attacks caught by signatures for JavaScript and Visual Basic Script threats, such as downloaders and droppers, accounted for the majority of malware detected in Q4. Users should take note of the continued popularity of these attacks and watch out for malicious scripts in web pages and email attachments of any kind.

The full Internet Security Report features evaluations of the quarter’s most pervasive malware and network attacks, recommendations for useful defensive strategies in today’s threat landscape, and a detailed breakdown of “the Krack Attack” – one of the top information security issues in 2017.

Additionally, the report includes a new research project from the WatchGuard Threat Lab, which analyzes a database of more than 1 billion stolen password records to stress just how often users choose weak passwords and re-use credentials across multiple accounts. This quarter’s conclusions are based on anonymized Firebox Feed data from nearly 40,000 active WatchGuard Fireboxes worldwide, which blocked more than 30 million malware variants (783 per device) and 6.9 million network attacks (178 per device) in Q4 2017.

Rich Mitchell

Rich Mitchell is the editor-in-chief of Conservative Daily News and the president of Bald Eagle Media, LLC. His posts may contain opinions that are his own and are not necessarily shared by Bald Eagle Media, CDN, staff or .. much of anyone else. Find him on twitter, facebook and GETTR

Share
Published by
Rich Mitchell

Recent Posts

Columbia University Expels Antisemitic Protesters Who Overtook Campus Building

Columbia University announced Thursday it has suspended, expelled and revoked the degrees of students involved…

2 hours ago

Columbia Student’s Visa Revoked For Pro-Hamas Protest, Used New Trump App To Self-Deport

A former Columbia University student involved in the anti-Israel protests used a newly minted app…

2 hours ago

Kari Lake Announces Voice Of America Is Dumping Legacy Outlets

Special Adviser for the U.S. Agency for Global Media (USAGM) Kari Lake announced Friday that…

3 hours ago

Trump DOJ’s Violent Crime Crackdown Is ‘Night And Day’ From Biden Admin’s Approach, State AGs Say

WASHINGTON — Seven Republican state attorneys general thanked the Trump administration on Friday for its…

3 hours ago

Trump Admin Moves To Purge ‘Climate Zealotry’ From Defense Department

The Department of Defense (DOD) is spearheading an effort to purge various climate change efforts from its…

3 hours ago

USPS Enlists DOGE To Stop The Bleeding After Hemorrhaging Billions

Postmaster General Louis DeJoy announced an agreement Thursday with Elon Musk’s Department of Government Efficiency…

3 hours ago