In its Internet Security Report for Q2 2018, WatchGuard Technologies explored the latest security threats affecting small to midsize businesses and distributed enterprises. The research revealed that 50% of government and military employee LinkedIn passwords were weak enough to be cracked in less than two days. This finding, along with the emergence of the Mimikatz credential-stealing malware as a top threat and the popularity of brute force login attacks against web applications, underscores the reality that passwords alone can’t offer sufficient protection, and emphasizes the need for multi-factor authentication (MFA) solutions in every organization.
“Authentication is the cornerstone of security, and we’re seeing overwhelming evidence of its critical importance in the common trend of password- and credential-focused threats throughout Q2 2018,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “Whether it’s an evasive credential-stealing malware variant or a brute force login attack, cyber criminals are laser-focused on hacking passwords for easy access to restricted networks and sensitive data. At WatchGuard, these trends are driving new innovative defenses within our product portfolio, including AuthPoint, our Cloud-based multi-factor authentication solution and our IntelligentAV service, which leverages three malware detection engines to prevent malware strains that evade traditional signature-based antivirus products. Every organization should seek out vendor and solution provider partners that offer layered protection against these ever-evolving attack techniques.”
The top takeaways from the Q2 2018 report include:
o Mimikatz’s dominance suggests that authentication attacks and credential theft are still major priorities for cyber criminals – another indicator that passwords alone are inadequate as a security control, and should be fortified with MFA services that make hackers’ lives harder by requiring additional authentication factors in order to successfully log in and access the network.
o More than 75% of malware attacks are delivered over the web, the research revealed. A total of 76% of threats from Q2 were web-based, suggesting that organizations need an HTTP and HTTPS inspection mechanism to prevent the vast majority of attacks. Ranked as the fourth most prevalent web attack, “WEB Brute Force Login -1.1021” enables attackers to execute a massive deluge of login attempts against web applications, leveraging an endless series of random combinations to crack user passwords in a short period of time. This attack is another example of cyber criminals’ heightened focus on credential theft, and shows the importance not only of password security and complexity, but also of MFA solutions as a more effective preventative measure.
o Cryptocurrency miners earned a top spot as a malware variant. As anticipated, malicious cryptominers are continuing to grow in popularity as a hacking tactic, making their way into WatchGuard’s top 10 malware list for the first time in Q2.
o Cyber criminals continue to rely on malicious Office documents. Threat actors continue to booby-trap Office documents, exploiting old vulnerabilities in the popular Microsoft product to fool unsuspecting victims.
The Internet Security Report features an in-depth analysis of the EFail encryption vulnerability, along with insight into the top attacks in Q2 and defensive strategies SMBs can use to improve their security posture. These findings are based on anonymized Firebox Feed data from nearly 40,000 active WatchGuard UTM appliances worldwide, which blocked nearly 14 million malware variants (449 per device) and more than 1 million network attacks (26 per device) in Q2 2018.