Most malware came through HTTPS connections in Q1 2020

Signature-based antivirus protection would have been ineffective

Two-thirds of all malware-hit computers got infected through encrypted HTTPS connections in the first quarter of 2020.

That's accoring to WatchGuard, which also found that 72% of encrypted malware was categorized as zero-day, so signature-based antivirus protection would not have prevented their intrusion. The UK was the most targeted country for the five most widespread network attacks.

Companies that don’t conduct HTTPS inspection of encrypted traffic or engage in advanced behavior-based threat detection and response are not catching these types of threats. 

Advertisement - Article continues below

“Some organizations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” said Corey Nachreiner, CTO, WatchGuard.

“As malware continues to become more advanced and evasive, the only reliable approach to defense is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Other findings for Q1 include:

  • Hosted or controlled Monero crypto miners made up half of the top 10 domains distributing malware. With crypto mining’s growth in popularity, online criminals have been adding crypto-mining modules to malware to take advantage of the opportunity.
  • Two of the top five malware variants include Flawed-Ammy and Cryxos. Flawed-Ammy remotely accesses victims’ computers through Ammyy Admin support software. The Cryxos Trojan, often used to target victims in Hong Kong, is typically attached as a fake invoice in an email and steals users’ email addresses and passwords.
  • A previously patched Adobe Acrobat Reader exploit from August 2017 made the top network attacks list in Q1, which shows the importance of staying on top of software patches and updates.
  • Three new domains involved in hosting phishing campaigns appeared on the top 10 list, including an impersonation of Mapp Engage (digital marketing and analytics), a Chinese campaign for Bet365 (online betting platform) and a now-defunct AT&T login page.
  • The increase in remote work due to COVID-19 has led to more attacks targeting individuals. There were also 11.6% fewer network attacks and 6.96 fewer malware hits, as there are fewer targets working within traditional networks.
Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Malware attacks using machine identities doubled in 2019
cyber security

Malware attacks using machine identities doubled in 2019

4 Aug 2020
Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020
British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020