Endpoint security is a term used to describe cybersecurity services provided to network endpoints, it included providing Antivirus, email filtering, online filtering, and firewall services. Businesses rely on endpoint security to protect vital systems, intellectual property, customer details, employees, and visitors from ransomware, phishing, malware, and other threats.
"While the total volume of cyberattacks decreased slightly, malware per device increased for the first period since the pandemic began," said Corey Nachreiner, CSO at WatchGuard. "Zero-day malware increased by only 3% to 67.2 percent in Q3 2021, and malware delivered via Transport Layer Security (TLS) increased from 31.6 percent to 47 percent."
As consumers update to newer versions of Microsoft Windows and Office, cybercriminals are focused on fresh vulnerabilities — versions of Microsoft's widely used programs. CVE-2018-0802, which exploits a weakness in Microsoft Office's Equation Editor, cracked WatchGuard's top 10 entryway antivirus malware list in Q3, reaching number 6 after appearing on the widespread malware list.
In addition, two Windows software injectors (Win32/Heim.D and Win32/Heri) ranked first and sixth, on the most detected list. In Q3, the Americans were the focus of 64.5 percent of network attacks, compared to 15.5 percent for Europe and 15.5 percent for APAC (20 percent ).
Following three-quarters of more than 20% increase, a reduction of 21% brought volumes back to Q1 levels. The top ten network attack signatures are responsible for the majority of attacks – The top 10 signatures were responsible for 81 percent of the 4,095,320 hits discovered by IPS in Q3. In fact, 'WEB Remote File Inclusion /etc/passwd' (1054837), which targets older, commonly used Microsoft Internet Information Services (IIS) web servers, was the only new signature in the top ten in Q3. One signature (1059160), a SQL injection, has remained at the top of the list since the second quarter of 2019.
From application flaws to script-based living-off-the-land attacks, even those with modest skills may use scripting tools like PowerSploit and PowerWare, there were also 10% additional attack scripts than there were in all of 2020, a 666 percent raise over the previous year.
In total, 5.6 million harmful domains were blocked in the third quarter, including many new malware domains attempting to install crypto mining software, key loggers, and wireless access trojans (RATs), as well as SharePoint sites harvesting Office365 login information. The number of blacklisted domains is down 23% from the past quarter, it is still several times greater than the level seen in Q4 2020.
Ransomware attacks reached 105 percent of 2020 output by the end of September, as expected after the previous quarter, and are on track to exceed 150 percent after the entire year of 2021 data is analyzed.
According to WatchGuard's investigation, attackers operating with the REvil ransomware-as-a-service (RaaS) operation exploited three zero-day vulnerabilities in Kaseya VSA Remote Monitoring and Management (RMM) applications to deliver ransomware to more than 1,500 organizations and potentially millions of endpoints.