Effective URL: https://www.darkreading.com/vulnerabilities---threats/74--of-q1-malware-was-undetectable-via-signature-based-tools/d/d-id/13...
6/24/2021 05:50 PM
Jai Vijayan, News

74% of Q1 Malware Was Undetectable via Signature-Based Tools

Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.

Organizations relying on traditional signature-based tools to detect security threats would likely have missed roughly three-quarters of the malware samples that hit their networks and systems last quarter, a new analysis shows.
WatchGuard Technologies recently analyzed threat data collected from customer networks during the first quarter of 2021 and found that 74% of the threats detected were zero-day malware for which no antivirus signatures were available at the time of release. As a result, the malware was capable of bypassing signature-based threat detection tools and breaching enterprise systems.

The level of zero-day malware detections in the first quarter was the highest WatchGuard has ever observed in a single quarter and completely eclipsed the volume of traditional threats, the security vendor said in a report this week.

"The main takeaway is enterprises — and organizations of all sizes really — need to get serious about proactive malware detection," says Corey Nachreiner, chief security officer at WatchGuard.

Attackers have consistently gotten better at repackaging old malware so that its binary profile no longer matches the fingerprints and patterns previously used to detect it. In the past, such "packing and crypting" required skilled criminals. These days, tools readily available in underground markets make it easy for attackers to keep digitally altering the same malware so it can bypass signature-based systems, he says.

A few years ago, such zero-day malware represented about 30% of all detected malware samples. More recently, that number has hovered around the 50% range and occasionally hit 60%. Seeing that number reach 74% in the first quarter was a bit surprising, Nachreiner says.

"Pattern-based malware detection is no longer sufficient with the volumes of new malware that we see today," he says. "Traditional antivirus products alone will miss many threats."
Exacerbating the issue is the continued use of fileless or living-off-the-land (LotL) techniques that are explicitly designed to evade traditional detection tools, which focus on inspecting files and registry entries. One particularly egregious example of such a fileless threat in the first quarter was XML.JSLoader.

"Ultimately it was JavaScript hidden in an XML file that spawned PowerShell, one of the most common LotL techniques out there," Nachreiner says.

The malware was one of five new malware families that cracked WatchGuard's list of the top 10 malware by volume in the first quarter. The others were Ursu, Trojan.IFrame, Zmutzy, and Zum.Androm. "It's hard to say exactly why this threat hit such high volume and spread," he notes; however, it likely had to do with the fact that XML.JSLoader was fileless and attackers found success infecting systems with it.

Network Attack Volumes Rise

In other developments, network attack volumes reached a three-year high in the first quarter of this year. WatchGuard's analysis showed more than 4.2 million hits on its intrusion prevention systems at customer sites. On average, the company's Firebox appliances blocked 113 attacks per appliance — a 47% increase over the previous quarter.

The overall increase in network attack volumes came amid a decline in network malware volumes. "We believe this pattern speaks to the changes in remote work that followed the pandemic," Nachreiner notes.

Before the second quarter of 2020, network attacks and malware detections were both rising quarter after quarter at the network gateway. Since the pandemic began, attackers have focused more on remote employees' endpoints, which has driven a decline in network malware detections. However, network attacks, such as those exploiting software vulnerabilities on enterprise servers and network services, have continued to grow. In fact, companies may have even exposed more network services to enable better remote access to corporate resources.
"In other words, some of these trends speak more to where we now catch certain threats due to remote work," Nachreiner says. "Malware detection today leans more on the endpoint since home employees don't have sophisticated network security, but you still need your network perimeter to protect your cloud and office servers."

Interestingly, and counter to a trend that at least a couple of other vendors have reported, WatchGuard says it observed a decline in malware using encrypted communications during the first quarter of 2021. According to the vendor, malware sent over encrypted communication declined to under 44% last quarter, marking a 10% drop from the third quarter of 2020 and a 3% drop from the fourth quarter of 2020. WatchGuard says it observed the same pattern with zero-day malware as well. Other companies, such as Sophos, have reported just the opposite — a sharp increase in malware using encrypted communication between the last quarter and the previous few quarters.

Nachreiner says one likely reason is that many WatchGuard customers have simply not enabled HTTPS inspection on their Firebox appliances because it involves some degree of work. Otherwise, WatchGuard too has generally observed a consistent increase in malware using TLS in recent years. "We expect more and more malware to leverage encryption as more and more of the legitimate web goes HTTPS only," he says.

The threat landscape in the first quarter of 2021 highlights the need for organizations to deploy protections that go beyond signature- and pattern-based tools. Organizations increasingly need controls both for blocking threats before they execute and for detecting and responding to them after execution. "In general, endpoint protection (EPP) solutions focus on preventing malware pre-execution, while endpoint detection and response (EDR) solutions focus on detecting malware that might have made it on your system and is running," Nachreiner says.
Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication.