Story image

Mac malware on WatchGuard’s top ten list for first time

18 Dec 18

Mac-based malware has appeared on the list of the top ten most common types of malware for the first time in WatchGuard’s quarterly Internet Security Report.

The Mac scareware appeared in sixth place in WatchGuard’s latest Q3 2018 report and is primarily delivered by email to trick victims into installing fake cleaning software.

The new report also found that 6.8% of the world’s top 100,000 websites still accept old, insecure versions of the SSL encryption protocol, while more malware hits were seen in Asia-Pacific than in any other geographical region, reflecting a significant increase in attacks targeted at this area throughout 2018.

The report is based on data from active WatchGuard Firebox unified threat management (UTM) appliances around the world and covers the major malware campaigns, network attacks and security threats targeting midmarket businesses and distributed enterprises.

WatchGuard Technologies CTO Corey Nachreiner says, “Outside of a few surprising finds, like Mac scareware in our top ten malware list, we saw attackers stick to what they know in Q3 by reusing and modifying old attacks like cross-site scripting, Mimikatz and cryptominers.

“It’s a good reminder that the vast majority of attacks aren’t ultra-advanced zero-days and can be prevented by using a layered security approach with advanced malware detection capabilities and investing in secure Wi-Fi and multi-factor authentication (MFA) solutions.”

“However, we are quite concerned at how many major websites are still using the insecure SSL protocol. This is a basic security best practice that should be implemented across 99.9% of the internet by now – it puts hundreds of thousands of users at risk.”

The insights, research and security best practices included in WatchGuard’s quarterly Internet Security Report help organisations of all sizes understand the current cybersecurity landscape and better protect themselves, their partners and customers from emerging security threats.

The top takeaways from the Q3 2018 report include: 

  • 6.8% of the top 100,000 websites still support old, insecure versions of the SSL protocol. Despite it being deprecated by the Internet Engineering Task Force (SSL 2.0 was deprecated in 2011 and SSL 3.0 in 2015), 5,383 websites in the top 100,000 via Alexa still accept SSL 2.0 and SSL 3.0 encryption. Also, 20.9% of the top 100,000 websites still do not use web encryption at all.
     
  • Mac malware cracks the top ten for the first time ever. A piece of Mac scareware appeared in sixth place in WatchGuard’s top ten malware list. It is primarily delivered by email and tries to trick victims into installing fake cleaning software.
     
  • Hackers target APAC. For the second time ever, APAC reported more total malware hits than EMEA or the USA. Top variants included Razy, which targeted APAC almost exclusively, Win32/Heur and MAC.OSX.AMCleanerCA.
     
  • Cryptominers remain popular. Razy, the second most common piece of malware detected by WatchGuard, evolved into a cryptominer in Q3 and made up 4% of all malware blocked by WatchGuard antivirus service worldwide.
     
  • Mimikatz remains the most popular malware in Q3. This popular password theft kit has dominated WatchGuard’s top ten malware list for multiple quarters and shows no sign of slowing down.
     
  • Attackers go after web applications with cross-site scripting. Cross-site scripting accounted for 39.3% of the top ten exploits in Q3, primarily targeting web applications. 

The complete Q3 ISR also includes an analysis of the Facebook “View As” data breach.

It explains how chaining vulnerabilities together allowed hackers to steal personal information from 50 million Facebook accounts, as well as best practices for security professionals based on the malware and network attack trends explained in this report.

These findings are based on anonymised Firebox Feed data from over 40,000 active WatchGuard UTM appliances worldwide

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.