WatchGuard Finds Explosion of Attacks Targeting Leading Web Conference Solution
21 March 2019 – Network attacks
targeting a vulnerability in the Cisco Webex Chrome extension have increased
dramatically according to WatchGuard® Technologies. In its latest Internet Security Report
for the last quarter of 2018, they were the second-most common network attack. The
vulnerability was first disclosed and patched in 2017 and attacks were almost
non-existent in early 2018, but WatchGuard detections grew by over 7,000
percent from Q3 to Q4.
The report also shows that phishing campaigns saw a
dangerous increase in sophistication, with new attacks using advanced methods including
threatening to release recordings of users visiting adult content online, customising
emails for specific targets and creating fake banking login web pages. Based on
data from tens of thousands of active WatchGuard Firebox appliances around the
world, a new sextortion phishing attack was the second-most common attack
detected in Q4 2018. It accounted for almost half of the unique malware hashes
detected, because the email phishing message is tailored to each recipient. The
message claims the sender has infected the victim’s computer with a trojan and
recorded them visiting adult websites, threatening to send these compromising
images to their email contacts unless they pay a ransom.
“There was a noticeable increase in advanced phishing
attacks targeting high-value information,” said Corey Nachreiner, CTO at
WatchGuard Technologies. “Now more than ever, it’s vital for businesses to take
the layered approach to security and deploy solutions that offer DNS-level
filtering designed to detect and block potentially dangerous connections and
automatically refer employees to resources that bolster phishing awareness and
prevention. A combination of security controls and human training will help
businesses avoid becoming hooked by phishing attacks.”
The other top findings from the report include:
percent of all Fireboxes were targeted by CoinHive cryptominer – The
most widespread malware variant in Q4 came from the popular CoinHive
cryptominer family, showing that cryptomining remains a popular attack type.
Two of the top ten most common pieces of malware detected were also

major phishing attack leverages a fake bank page – Another
widespread piece of malware in Q4 sent a phishing email with a fake, but highly
realistic Wells Fargo login page to capture victim emails and passwords.
Overall, WatchGuard saw a rise in sophisticated phishing attacks targeting

ISP’s filtering error routed Google traffic through Russia and China for 74
minutes – The report includes a technical analysis of a Border
Gateway Protocol (BGP) hijack in November 2018 that inadvertently sent most of
Google’s traffic through Russia and China for a short time. WatchGuard found
that a Nigerian ISP called MainOne made a mistake in their routing filters,
which then spread to Russian and Chinese ISPs and caused much of Google’s traffic
to be routed through these ISPs unnecessarily. This accidental hijack
highlights the underlying insecure standards that the internet is based on. A
sophisticated attack targeting these flaws could have potentially catastrophic

attacks rise after historic lows in mid-2018 – Network
attacks rose 46 percent by volume and 167 percent in terms of unique signature
hits in Q4 compared to Q3 2018. This follows a trend seen in previous years
with attacks ramping up during the holiday season.

The 2018 Q4 ISR also includes a granular analysis of
source code for the Exobot banking trojan. This highly sophisticated malware
attempts to steal banking and financial information from Android devices. The
WatchGuard Threat Lab’s analysis includes a list of the 150 sites, such as
Amazon, Facebook, PayPal and Western Union, that Exobot can automatically target,
as well as a detailed look at the UI an attacker using Exobot would use to push
commands to infected devices.
The insights, research and security best practices
included in WatchGuard’s quarterly Internet Security Report help organisations
of all sizes understand the current cyber security landscape and better protect
themselves, their partners and customers from emerging security threats.
The findings are based on anonymised Firebox Feed data from over 42,000 active WatchGuard
UTM appliances worldwide. In total, these Fireboxes blocked over 16
million malware variants (382 per device) and approximately 1,244,000 network
attacks (29 per device) in Q4 2018.
WatchGuard® Technologies, Inc. is a global leader in
network security, secure Wi-Fi, multi-factor authentication, and network
intelligence. The company’s award-winning products and services are trusted
around the world by nearly 10,000 security resellers and service providers to
protect more than 80,000 customers. WatchGuard’s mission is to make
enterprise-grade security accessible to companies of all types and sizes
through simplicity, making WatchGuard an ideal solution for distributed
enterprises and SMBs. The company is headquartered in Seattle, Washington, with
offices throughout North America, Europe, Asia Pacific, and Latin America. To
learn more, visit WatchGuard.com.
information, promotions and updates, follow WatchGuard on Twitter, @WatchGuard, on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog,
Secplicity, for real-time information about the latest threats and how to cope
with them at www.secplicity.org.