WatchGuard research shows that year-over-year malware volume increased by 64% and that it is increasingly targeting Europe. According to the report, in Q2 2019, nearly 37% of malware targeted the EMEA region, with several individual attacks focusing on the UK, Italy and Germany.
WatchGuard’s latest quarterly Internet Security Report reveals and ranks the most common domains attackers use to host malware and launch phishing attacks. These include several subdomains of legitimate sites and Content Delivery Networks (CDNs) such as CloudFlare.net, CloudFront.net (which belongs to Amazon), SharePoint and Amazonaws.com.
The report for Q2 2019 also highlights that modules from the popular Kali Linux penetration testing tool made the top ten malware list for the first time. Trojan.GenericKD, which covers a family of malware that creates a backdoor to a command-and-control server, and Backdoor.Small.DT, a web shell script used to create backdoors on web servers, were sixth and seventh on the list. This could indicate either growing adoption among malicious actors or more penetration testing by white hat hackers using Kali Linux.
“This edition of the Internet Security Report exposes the gritty details of the methods hackers use to sneak malware or phishing emails onto networks by hiding them on legitimate content hosting domains,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies.
Two pieces of malware - a phishing attack that threatens to release fake compromising information on the victim, and a Microsoft Office exploit - that appeared on the most widespread malware list in Q1 2019 and Q4 2018 have graduated to the top ten list by volume. This illustrates that these campaigns are on the rise and are sending a high volume of attacks at a wide range of targets. Users should update Office regularly and invest in anti-phishing and DNS filtering security solutions.
