2018 Q1 Internet Security Report - Threat Landscape

Today, we released our quarterly Internet Security Report covering Q1 2018. Every quarter we examine anonymized data from WatchGuard Firebox UTM appliances all across the world and report on the most common malware variants and network attacks that our appliances block. This gives valuable real-world information on the most common network and computer threats aimed at small and medium-sized businesses and distributed enterprises.

This quarter, active Fireboxes blocked more than 22.9 million malware variants and 10.5 million network attacks. We found growth in macro-less Word document attacks, a major jump in new or “zero-day” malware variants that did not match existing antivirus signatures, and much more.

Here are some of the major findings from the Q1 2018 Internet Security Report:

Cyber criminals are increasingly leveraging malicious WEB codes. HTTP_PROXY traffic redirection attacks cracked WatchGuard’s top ten malware list in Q1 and nine of the top-ten network attacks involved WEB exploits.
Overall malware attacks grew significantly. Also, zero-day malware variants (new malware variants that did not match an existing signature but were caught by more advanced Firebox security services) jumped from 57% percent to 85% in Singapore.
In the world wide figure, nearly half of all malware eluded basic antivirus (AV) solutions. That level of growth suggests criminals are using more sophisticated evasion techniques capable of slipping attacks past traditional AV services, which further underscores the importance of behavior-based defenses.
Scripting attacks account for 48 percent of top malware. Script-based attacks caught by signatures for JavaScript and Visual Basic Script threats, such as downloaders and droppers, accounted for the majority of malware detected in Q1.

Figure 2: Singapore Malware Attacks in Q4 2017

Figure 3: Singapore Malware Attacks in Q1 2018

Figure 4: World Wide Malware Attacks in Q1 2018

Overall, these findings show that bad actors continue to use obfuscation tactics and advanced download schemes to hide their malware and trick users. Traditional AV protections are no longer enough with 85% of malware attacks slipping past them. Now more than ever, businesses of all sizes need layered security services and advanced malware protection.