Evasive malware now used in majority of attacks

Evasive malware designed to hide from conventional signature-based antivirus detection has grown to account for more than two-thirds of total malware attacks, according to WatchGuard Technologies.

The network security and intelligence company's Internet Security Report for Q4 2019 found that use of evasive malware spiked significantly during the quarter from the year-long average of 35%.

The company warned that evasive malware is becoming the rule rather than the exception, and urged companies to consider more advanced forms of malware defence than traditional solutions.

Another attack vector that is seeing significant growth in adoption involves SQL injection attacks. Such attacks became the most common network attack of 2019 by a wide margin after surging 8000% since 2018.

Meanwhile, attackers are increasingly using automated malware distribution to cover more targets simultaneously. WatchGuard research found that many attacks are now hitting around 70% to 80% of the Firebox firewall-in-a-box appliances it uses to track attacks in a single country.

During the quarter, the roughly 40,000 appliances used to collate threat intelligence data blocked over 34.5 million malware variants and nearly 1.9 million network attacks.

Also during the quarter, WatchGuard identified widespread phishing campaigns that are still exploiting a Microsoft Excel vulnerability first discovered in 2017. The dropper malware is used to download several other malware variants into an infected PC.

One of the malware samples used in the attack campaign — the Agent Tesla keylogger malware — has also been used in several phishing attacks last month that aimed to manipulate fears around the coronavirus.

Finally, WatchGuard noted that Mac malware, particularly adware, is growing in popularity among attackers. In Q4, one of the top compromised websites hosts a macOS adware called Bundlore that masquerades as an Adobe Flash update.

Image credit: ©stock.adobe.com/au/Lasha Kilasonia