New phisherman's friends and a few old favourites slither out of WatchGuard's Security Report
New entry in network attack hit parade: That 2017 Cisco WebEx flaw you patched already (right?)
Attacks targeting a years-old – and patched – vulnerability in a Chrome extension for Cisco's WebEx are on the increase, according to security outfit WatchGuard.
The vulnerability, which was disclosed and rapidly fixed at the beginning of 2017, allows malicious websites to remotely execute commands on Windows systems that have the extension installed.
The team noted that at the beginning of 2018, attacks targeting the vulnerability were "almost non-existent". But by the last quarter of 2018, they had grown to account for 7.4 per cent of all network attacks deflected by the company's Firebox devices.
The volume of incidents was enough to send the vuln straight in at number three in WatchGuard's top 10 list of network attacks, and number two for web attacks.
In better news, WatchGuard reckons that malware has declined, dropping 28 per cent since the last quarter and 51 per cent since the same period last year. Alas, depressingly, zero day malware grew to account for 37 per cent of all threats.
This represents a problem for the industry because it is tricky to defend against the unknown. WatchGuard pointed to the use of AI and behavioural analysis in its technology. Microsoft, of course, does something similar in its Defender Advanced Threat Protection line, updated this morning. Whoever your AV vendor, the growth in zero day malware is a worry.
Mimikatz continued its reign at the top of the charts, accounting for a jaw-dropping 18 per cent of all malware. Following behind was malware variant Trojan.Phishing.MH, which spoofs an email that appears to come from the victim's own address - the email warns victims that those behind the variant have somehow installed a Trojan that tracked the user's activities.
If the victim doesn't want their special moments in front of the screen broadcast to their contact list, it wheedles, then coughing up some bitcoin would be a good idea.
It's nonsense, of course. But the fact this type of email has leapt into the number two spot (in both a real and metaphorical sense) is a sign that miscreants reckon there are sufficient gullible and easily embarrassed users out there to make it worth their while.
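The defining traits of the Trojan.Phishing.MH mails described above, a spoofed sender that matches the recipient's own address plus extortion wording, are easy to express as a mail-filter rule. The following is an added example and not WatchGuard's detection logic or anything from the article: it parses two constructed sample messages with Python's standard `email` library, reads the receiving server's `Authentication-Results` header (assumed to be present, as it is when the MX runs SPF/DKIM checks), and quarantines only a self-addressed mail that failed authentication and carries extortion terms, so a genuine note-to-self that passes SPF or DKIM is still delivered.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages (not real mail, not from the article or WatchGuard).
# One mimics the "sent from your own address" extortion mail; the other is an
# ordinary note-to-self that the receiving MX authenticated via SPF and DKIM.
SPOOFED_MSG = """\
From: victim@example.com
To: victim@example.com
Subject: Your account was hacked
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=victim@example.com; dkim=none
Content-Type: text/plain

I installed a trojan on your device and recorded you through the webcam.
Send 0.5 bitcoin to the address below or the video goes to your contacts.
"""

LEGIT_SELF_MSG = """\
From: victim@example.com
To: victim@example.com
Subject: notes to self
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=victim@example.com; dkim=pass header.d=example.com
Content-Type: text/plain

Buy milk, call the dentist.
"""

# Wording typical of this scam family; a real deployment would tune this list.
EXTORTION_TERMS = ("bitcoin", "trojan", "webcam", "recorded you")


def auth_results(msg):
    """Parse 'method=result' clauses out of an RFC 8601 Authentication-Results header.

    Returns e.g. {'spf': 'fail', 'dkim': 'none'}; unknown methods are ignored.
    """
    results = {}
    header = str(msg.get("Authentication-Results", ""))
    # First ';'-separated field is the authserv-id, the rest are method results.
    for clause in header.split(";")[1:]:
        clause = clause.strip()
        for method in ("spf", "dkim", "dmarc"):
            if clause.startswith(method + "="):
                results[method] = clause[len(method) + 1:].split()[0].lower()
    return results


def assess(raw):
    """Classify one raw message as 'quarantine' or 'deliver' with the reasons."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1].lower()
    recipient = parseaddr(str(msg["To"]))[1].lower()
    auth = auth_results(msg)

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part else ""

    reasons = []
    self_addressed = bool(sender) and sender == recipient
    # SPF or DKIM pass means the sending side really was allowed to use this domain.
    authenticated = auth.get("spf") == "pass" or auth.get("dkim") == "pass"
    if self_addressed and not authenticated:
        reasons.append("self-addressed without SPF/DKIM pass")

    hits = [term for term in EXTORTION_TERMS if term in body]
    if hits:
        reasons.append("extortion wording: " + ", ".join(hits))

    # Require both signals: a spoofed self-address alone is common in forwarding
    # setups, and extortion words alone would catch legitimate security advice.
    suspicious = self_addressed and not authenticated and bool(hits)
    return {"verdict": "quarantine" if suspicious else "deliver",
            "reasons": reasons,
            "auth": auth}


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MSG), ("legit", LEGIT_SELF_MSG)):
        print(name, assess(raw))
```

The rule deliberately does not act on the spoofed sender alone: mailing lists and forwarders routinely break SPF, so an unauthenticated self-addressed message is a weak signal by itself, and pairing it with the scam's wording is what keeps the false-positive rate tolerable. Publishing a DMARC policy for the domain gives the receiving MX a standard way to reject this kind of spoof before any content inspection runs.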
As for the most widespread malware, the cryptominer JS.CoinHive topped the charts. JS.CoinHive doesn't actually download any files to a victim's computer; instead it is served up by a malicious or compromised web server and crouches in the user's browser, churning through CPU as it does its crypto stuff.
Finally, the team reported that the APAC global region has returned to a distant third in the malware volume leaderboard, accounting for 17.4 per cent of detections versus 35.4 per cent for the Americas and 47.2 per cent for EMEA. ®