Research
Ransomware Expected to Increase 150% This Year
Ransomware and fileless
malware are both seeing large surges this year. According to the newly released Q2
2021 Internet Security Report from WatchGuard Technologies, in
the first six months of 2021, ransomware attacks were already at
nearly the total volume for all of the previous year and are on
target to see a 150 percent increase by the end of the year. According to
WatchGuard: "While total ransomware detections on the endpoint
were on a downward trajectory from 2018 through 2020, that trend
broke in the first half of 2021, as the six-month total finished just
shy of the full-year total for 2020. If daily ransomware detections
remain flat through the rest of 2021, this year’s volume will reach
an increase of over 150 percent compared to 2020."
Fileless malware — malware originating from scripting engines,
such as PowerShell — is increasing at an even greater pace and is
on track to double 2020's total this year. AMSI.Disable.A is one such
malware type that's on the rise. According to WatchGuard:
"AMSI.Disable.A showed up in WatchGuard’s top malware section
for the first time in Q1 and immediately shot up for this quarter,
hitting the list at No. 2 overall by volume and snagging the No. 1 spot for
overall encrypted threats. This malware family uses PowerShell tools
to exploit various vulnerabilities in Windows. But what makes it
especially interesting is its evasive technique. WatchGuard found
that AMSI.Disable.A wields code capable of disabling the Antimalware
Scan Interface (AMSI) in PowerShell, allowing it to bypass script
security checks with its malware payload undetected."
Other findings from the report include:
-
A massive 91.5 percent of all malware arrived over encrypted
connection. "Put simply, any organization that is not examining
encrypted HTTPS traffic at the perimeter is missing 9/10 of all
malware," according to WatchGuard.
-
Network attacks rose 22 percent in the quarter, reaching the highest
level sine 2018. "Q1 saw nearly 4.1 million network attacks. In
the quarter that followed, that number jumped by another million –
charting an aggressive course that highlights the growing importance
of maintaining perimeter security alongside user-focused
protections."
-
Microsoft Office continues to be a popular attack vector.
WatchGuard reported a new 2017 RCE vulnerability that debuted in the
second quarter as the No. 1 network attack. "Though it may be
an old exploit and patched in most systems (hopefully), those that
have yet to patch are in for a rude awakening if an attacker is able
to get to it before they do."
-
Aside from the 2017 RCE vulnerability, two other top-10
network attacks exploited old vulnerabilities, according to the
report: a "2011 Oracle GlassFish Server vulnerability [and] a
2013 SQL injection flaw in medical records application OpenEMR…."
The report was based on "anonymized Firebox Feed data from
active WatchGuard Fireboxes whose owners have opted to share data in
direct support of the Threat Lab’s research efforts. In Q2,
WatchGuard blocked a total of more than 16.6 million malware variants
(438 per device) and nearly 5.2 million network threats (137 per
device)."
The complete Q2
2021 Internet Security Report is available on
Watchguard's site (registration required).
