Script-based cyber attacks and malware growing, claims survey

SMBs bearing the brunt of a big increase in cyber attacks, warns WatchGuard

The past year has witnessed a significant increase in scripting attacks against small and medium businesses in 2017, a survey has indicated.

According to WatchGuard's latest Internet Security Report, cyber crooks are increasingly targeting small to medium-size businesses (SMBs) and distributed enterprises.

Scripting attacks - including those based on JavaScript and Visual Basic Script - made up 68 per cent of all attacks during the third quarter of the year, according to WatchGuard.

Meanwhile, the total number of malware attacks spiked by 81 per cent in the same quarter, and there were more than 19 million variants identified and blocked.

As for other results, the company found that cyber criminals favour cross-site scripting attacks for compromising web browsers and that they're spreading internationally.

Previous reports have focused on these attacks in Spain, but in the third quarter, XSS attacks began to attack other countries on a much bigger scale.

Legacy antivirus missed 24 per cent of malware this year, and over the past three quarters, signature-based antivirus has failed to detect attacks at increasing rates. It peaked at 47 per cent in the second quarter.

There have been more instances of suspicious HTML iframes, too. Attackers are capitalising on this form of attack to trick victims into accessing suspicious and malicious sites.

Whole these attacks can appear anywhere in the world, they dominate in the United States and Canada, and there have also been significant cases in the UK and Germany.

Authentication is still a big target for cyber criminals. They've been targeting authentication and credentials such as Mimikatz. However, brute force web login attempts continue to be highly visible.

To come up with these findings, WatchGuard analyses Firebox Feed data from almost 30,000 active WatchGuard UTM appliances worldwide. They blocked 19 million malware variants and 1.6 million network attacks in Q3.

WatchGuard said these statistics show that cyber crooks are upping their malware capabilities and various other attack capabilities.

Corey Nachreiner, chief technology officer at WatchGuard Technologies, said; "Threat actors are constantly adjusting their techniques, always looking for new ways of exploiting vulnerabilities to steal valuable data.

"This quarter, we found that script-based attacks - like the fake Python library packages discovered in September - appeared 20 times more than in Q2, while overall malware attacks shot through the roof.

"Staying vigilant regarding these developments is half the battle. Every business can better protect themselves and their stakeholders by employing multiple layers of protection, enabling advanced security services and monitoring network logs for traffic related to the top threats mentioned in this report."