Over two-thirds (70%) of all malware attacks involved evasive zero-day malware in Q2 of 2020, a 12% rise on the previous quarter, according to WatchGuard Technologies' latest Internet Security Report.
Interestingly, the increase in this form of malware, which circumvents anti-virus signatures, came as overall malware detections fell by 8% compared to Q1. WatchGuard attributes this reduction to the rise in remote working brought about by COVID-19, as fewer employees are operating behind corporate network perimeters.
Around 34% of attacks were sent over encrypted HTTPS connections, meaning that organizations unable to inspect encrypted traffic will miss over one-third of incoming threats.
The report also showed an increase in JavaScript-based attacks. For instance, the scam script Trojan.Gnaeus, which enables threat actors to hijack control of the victim's browser with sophisticated code and forcibly redirect them to domains under the attackers' control, comprised nearly one in five of all malware detections.
Threat actors increasingly used encrypted Excel files to hide malware in Q2, according to the report. This included the malware variant Abracadabra, which is delivered as an encrypted Excel file protected with the password VelvetSweatShop, the default password for Excel documents; because Excel opens such files without prompting, the encryption lets the payload bypass many basic anti-virus solutions that do not attempt decryption.
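As an added illustration of the defensive check this implies (example code, not part of the report or WatchGuard's products), the snippet below walks the directory of an OLE2/CFB container, flags files that carry the EncryptionInfo and EncryptedPackage streams of an encrypted Office package, and returns the default password a scanner should try before giving up on the file. The sample file is constructed inline; the function names and the minimal CFB layout are this example's own.

```python
import struct

CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAXREGSECT, FATSECT, ENDOFCHAIN, FREESECT = 0xFFFFFFFA, 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF
DEFAULT_PASSWORD = "VelvetSweatShop"  # Excel's built-in default, as named in the report

def cfb_stream_names(data):
    """Return the names of all stream objects in a CFB (OLE2) container, or [] if not CFB."""
    if data[:8] != CFB_MAGIC:
        return []
    ssize = 1 << struct.unpack_from("<H", data, 30)[0]          # usually 512
    first_dir = struct.unpack_from("<I", data, 48)[0]
    fat = []
    for s in struct.unpack_from("<109I", data, 76):              # DIFAT entries in the header
        if s < MAXREGSECT:
            fat += struct.unpack_from("<%dI" % (ssize // 4), data, (s + 1) * ssize)
    names, sector, seen = [], first_dir, set()
    while sector < len(fat) and sector not in seen:              # follow the directory chain
        seen.add(sector)                                         # guard against FAT loops
        base = (sector + 1) * ssize
        for i in range(ssize // 128):                            # 128-byte directory entries
            e = data[base + i * 128: base + (i + 1) * 128]
            nlen, otype = struct.unpack_from("<HB", e, 64)       # name length, object type
            if otype == 2 and nlen >= 2:                         # 2 = stream object
                names.append(e[:nlen - 2].decode("utf-16-le"))   # drop UTF-16 terminator
        sector = fat[sector]
    return names

def default_password_candidate(data):
    """Password a scanner should try first, or None if the file is not an encrypted OOXML package."""
    if {"EncryptionInfo", "EncryptedPackage"} <= set(cfb_stream_names(data)):
        return DEFAULT_PASSWORD
    return None

def build_sample(encrypted=True):
    """Constructed sample: a minimal CFB with one FAT sector and one directory sector."""
    hdr = bytearray(512)
    hdr[:8] = CFB_MAGIC
    struct.pack_into("<HHHHH", hdr, 24, 0x3E, 3, 0xFFFE, 9, 6)     # v3, 512-byte sectors
    struct.pack_into("<IIII", hdr, 44, 1, 1, 0, 4096)             # 1 FAT sector, dir at sector 1
    struct.pack_into("<IIII", hdr, 60, ENDOFCHAIN, 0, ENDOFCHAIN, 0)  # no mini FAT, no DIFAT
    struct.pack_into("<109I", hdr, 76, 0, *([FREESECT] * 108))    # FAT lives in sector 0
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *([FREESECT] * 126))
    entries = ["Root Entry"] + (["EncryptionInfo", "EncryptedPackage"] if encrypted else ["Workbook"])
    directory = bytearray(512)
    for i, name in enumerate(entries):
        raw = name.encode("utf-16-le") + b"\x00\x00"
        directory[i * 128: i * 128 + len(raw)] = raw
        struct.pack_into("<HB", directory, i * 128 + 64, len(raw), 5 if i == 0 else 2)
    return bytes(hdr) + fat + bytes(directory)
```

A scanner that gets a password back from this check would hand the file and that password to an Office decryptor such as msoffcrypto-tool and only then run signature or behavioural analysis on the plaintext workbook.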
Additionally, a six-year-old denial of service (DoS) vulnerability affecting WordPress and Drupal made a comeback in this period, and was included in the top 10 of WatchGuard’s list of network attacks by volume.
Commenting on the findings, Corey Nachreiner, CTO of WatchGuard, said: “Businesses aren’t the only ones that have adjusted operations due to the global COVID-19 pandemic – cyber-criminals have too.
“The rise in sophisticated attacks, despite the fact that overall malware detections declined in Q2, likely due to the shift to remote work, shows that attackers are turning to more evasive tactics that traditional signature-based anti-malware defenses simply can’t catch. Every organization should be prioritizing behavior-based threat detection, cloud-based sandboxing, and a layered set of security services to protect both the core network, as well as remote workforces.”