WatchGuard Q3 2020 Internet Security Insights [Infographic]
Within the realm of IT services, cybersecurity has become the main talking point in 2020. As was largely predicted, ransomware, data breaches, and phishing attacks have increased throughout the year and gained a foothold in our headlines. Even as we close out the year, US government officials are scrambling to understand the depths of a months-long cyberattack that encompassed over 18,000 companies, the State Department, Homeland Security, and other agencies.
With that backdrop, we bring you WatchGuard’s Q3 2020 Internet Security Insights report, compiled from data collected across nearly 48,000 Firebox devices around the globe. From the data, WatchGuard reports a 90% increase in network attack volume, the highest level seen in 2 years. Beyond the raw volume, zero-day malware (malware that evades signature-based protection) dropped some in Q3, but still accounts for over half of all malware. At the same time, encrypted threats hiding in TLS communications increased to 54%. In other words, attackers continue to grow more sophisticated and evade traditional defenses, even as they refocus their targets due to the pandemic.
Other highlights from the quarter include:
- Overall perimeter-detected malware is down 26% quarter-over-quarter (QoQ), which we have started to expect given COVID-19 and the many employees working from home.
- Over 50% of malicious files are zero-day malware, meaning the malware is not detected using signature-based protections. This is actually down 64% compared to last quarter, but still represents a high volume of malware missed by some AV solutions.
- We saw an increase in malware arriving over encrypted communication channels, with 54% of malware using TLS (HTTPS). This malware also tends to be more sophisticated than average, with ~61% of it being zero-day malware.
- Network attacks and unique exploit detections hit two-year highs. Network attacks swelled to more than 3.3 million in Q3, representing a 90% increase QoQ. Unique network attack signatures also continued on an upward trajectory, reaching a two-year high in Q3 as well.
- During Q3 2020, Firebox appliances’ Intrusion Prevention Service (IPS) blocked an average of 70 attacks per appliance.
- Attackers probed nearly half of the Fireboxes in the United States for weaknesses in a popular SCADA-related industrial control system solution.
- Network attacks targeting countries in the Asia and Pacific (APAC) regions were up for the second quarter in a row.
- During Q3, DNSWatch blocked a combined 2,764,736 malicious domain connections, which translates to 499 blocked connections per organization.
- Breaking it down further, DNSWatch blocked 262 malware domains, 71 compromised websites and 52 clicked phishes per organization in Q3.
- COVID-19 scams grow in prevalence. In Q3, a COVID-19 adware campaign running on websites used for legitimate pandemic support purposes made WatchGuard’s Top 10 Compromised Websites list.
- A LokiBot look-alike debuted in our top widespread malware list. Farelt, a password stealer that resembles LokiBot, made its way into WatchGuard’s top five most widespread malware detections list in Q3. Other popular botnets/trojans, like Emotet and Zusy, also made the top malware lists.
Download the full report at https://www.watchguard.com/wgrd-resource-center/security-report-q3-2020