Most widely used "traditional" antivirus solutions failed to catch nearly 3/4 of threats in the first quarter of 2021, new research has claimed.
Compiled by cybersecurity vendor WatchGuard Technologies, the report shows that 74% of threats detected in Q1 2021 were zero-day malware, which can bypass conventional signature-based antivirus solutions.
In all, WatchGuard appliances detected over four million network attacks, which represents a 21% increase compared to the previous quarter and the highest volume since early 2018.
“Last quarter saw the highest level of zero day malware detections we’ve ever recorded. Evasive malware rates have actually eclipsed those of traditional threats, which is yet another sign that organisations need to evolve their defences to stay ahead of increasingly sophisticated threat actors,” said Corey Nachreiner, chief security officer at WatchGuard.
The sheer number of attacks leads WatchGuard to conclude that corporate servers continue to be a high-value target for attackers, despite the shift to remote and hybrid work.
One of the interesting findings in the report is how attackers are trying to disguise and repurpose old exploits.
For instance, the report sheds light on a simple file name trick that enabled threat actors to pass off a sinister ransomware loader as a legitimate PDF attachment. It also talks about an old directory traversal attack technique that uses the now-decommissioned .cab archive files.
WatchGuard also witnessed attackers co-opting legitimate web domains to orchestrate malicious cryptomining campaigns. They pin the increase of cryptomining malware to recent price spikes in the cryptocurrency market and the relative ease with which threat actors can repurpose their victims’ computing resources.
In light of the developments, Nachreiner believes that traditional anti-malware solutions are “simply insufficient” for the prevailing threat environment.
He suggests that every business should implement a layered security strategy “that involves machine learning and behavioral analysis to detect and block new and advanced threats.”