Internet Security Threat Report Q4 2019 - WatchGuard

WatchGuard’s quarterly Internet Security Report (ISR)

Let's Talk Security

Executive Summary

Q4 2019 saw an explosion in zero day malware (malware that signature-based protections missed during the first few days or weeks of its release), which reached an all-time high of 68% of total detected malware. This is up from the approximate 37% average of 2018 and 2019, making Q4 2019 the worst malware quarter on our books. We also continue to see a number of malicious Excel droppers and more Mac adware hit our top malware lists. Web application attacks continue to fill our network threat lists, with SQL injection attacks in the lead. Finally, this quarter we dissected Macy's October eCommerce site breach and describe how attackers used the malicious MageCart JavaScript to skim credit card information.


Additional Q4 2019 Internet Security Report highlights include:


• Zero day malware, or evasive malware that sneaks past signature-based defenses, exploded to a record high of 68% of total malware. This is up from an average of 37% over the last year. WatchGuard saw corresponding jumps in the amount of malware blocked by IntelligentAV and APT Blocker.


• In Q4, reporting Fireboxes blocked 34.5 million malware samples, which is about 860 malware hits per Firebox — an all-time high.


• Old Microsoft Excel vulnerability still heavily exploited. A Microsoft Excel vulnerability from 2017 was the 7th most common piece of malware on our top 10 malware list during Q4, showing attackers still actively exploit it in the wild.


• Mac adware returns to the top 10 list. One of the top compromised websites in Q4 2019 hosted macOS adware called Bundlore, which poses as an Adobe Flash update.


• During Q4 2019, Fireboxes blocked 1.88 million network attacks, translating to almost 47 attacks per Firebox.


• SQL injection attacks were the major network attack of Q4 2019. SQL injection attacks rose an enormous 8000% in Q4 2019 compared to 2018 and were the most common network attack by a significant margin.


• Nearly half of the network attacks were isolated to one of the three geographic regions (AMER, EMEA, APAC).


• Macy's eCommerce site was hit by MageCart, a malicious JavaScript threat that skims credit card transactions as customers make them.


• DNSWatch showed that attackers still use legitimate image sharing sites to distribute malware. See the DNS section for more info about the top compromised sites.

Now that you know the highlights, let’s dig into the details. By the end of this report, you will know the right cyber threats to concentrate on and will have the defense tips to stay safe.
