WatchGuard’s Q2 2018 Internet Security Report reveals password inadequacy still a top threat

New research conducted by the WatchGuard Threat Lab shows the emergence of the Mimikatz credential-stealing malware as a top threat and the growing popularity of brute force login attacks against web applications. The research also reveals that 50% of Government and military employee LinkedIn passwords, largely from the US, were weak enough to be cracked in less than two days, underscoring the reality that passwords alone cannot offer sufficient protection and that there’s an overriding need for multi-factor authentication (MFA) solutions.

WatchGuard’s Internet Security Report for Q2 2018 explores the latest security threats affecting SMEs and distributed enterprises.

“Authentication is the cornerstone of security and we’re seeing overwhelming evidence of its critical importance in the common trend of password- and credential-focused threats throughout Q2 2018,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “Whether it’s an evasive credential-stealing malware variant or a brute force login attack, cyber criminals are laser-focused on hacking passwords for easy access to restricted networks and sensitive data. Every organisation should seek out vendor and solution provider partners that offer layered protection against these ever-evolving attack techniques.”

The insights, research and security Best Practice included in WatchGuard’s quarterly document are designed to help organisations of all sizes understand the current cyber security landscape and better protect themselves, their partners and customers from emerging security threats. The top ‘takeaways’ from the Q2 2018 report include:

Mimikatz was the most prevalent malware variant in Q2 Representing 27.2% of the Top 10 malware variants listed last quarter, Mimikatz is a well-known password and credential stealer that has been popular in past quarters, but has never been the top strain. This surge in Mimikatz’s dominance suggests that authentication attacks and credential theft are still major priorities for cyber criminals – another indicator that passwords alone are inadequate as a security control and should be fortified with MFA services that make hackers’ lives harder by requiring additional authentication factors in order to successfully login and access the network.

Roughly half of Government and military employee passwords are weak After conducting a thorough analysis of the 2012 LinkedIn data dump to identify trends in user password strength, WatchGuard’s Threat Lab team found that half of all passwords associated with “.mil” and “.gov” e-mail address domains within the database were objectively weak. Of the 355,023 (largely US Government and military) account passwords within the database, 178,580 were cracked in under two days. The most common passwords used by these accounts included ‘123456’, ‘password’, ‘linkedin’, ‘sunshine’ and ‘111111’.

Conversely, the team found that just over 50% of civilian passwords were weak. These findings further illustrate the need for stronger passwords for everyone, and a higher standard of security among public service employees who regularly handle potentially sensitive information. In addition to better password training and processes, every organisation should deploy multi-factor authentication solutions to reduce the risk of a data breach.

More than 75% of malware attacks are delivered over the web A total of 76% of threats from Q2 were web-based, suggesting that organisations need an HTTP and HTTPS inspection mechanism to prevent the majority of attacks. Ranked as the fourth most prevalent web attack in particular, WEB Brute Force Login -1.1021 enables attackers to execute a massive deluge of login attempts against web applications, leveraging an endless series of random combinations to crack user passwords in a short period of time. This attack in particular is another example of cyber criminals’ heightened focus on credential theft and shows the importance of not only password security and complexity, but also the need for MFA solutions as a more effective preventative measure.

Cryptocurrency miners earn spot as a top malware variant As anticipated, malicious cryptominers are continuing to grow in popularity as a hacking tactic, making their way into WatchGuard’s Top 10 malware list for the first time in Q2. Last quarter, WatchGuard uncovered its first named cryptominer, Cryptominer.AY, which matches a JavaScript cryptominer called ‘Coinhive’ and uses its victims’ computer resources to mine the popular privacy-focused cryptocurrency Monero (XRM). The data shows that victims in the US were the top geographical target for this cryptominer, receiving approximately 75% of the total volume of attacks.

Cyber criminals continue to rely on malicious Office documents Threat actors continue to ‘booby-trap’ Office documents, exploiting old vulnerabilities in the popular Microsoft product to fool unsuspecting victims. Interestingly, three new Office malware exploits made WatchGuard’s Top 10 list. 75% of these attacks targeted EMEA victims, with a heavy focus on users in Germany specifically.

The complete Internet Security Report features an in-depth analysis of the EFail encryption vulnerability, along with insights into the top attacks in Q2 and defensive strategies SMEs can use to improve their security posture.

The finding are based on anonymised Firebox Feed data from nearly 40,000 active WatchGuard UTM appliances worldwide which blocked nearly 14 million malware variants (449 per device) and more than one million network attacks (ie 26 per device) in Q2 2018.

*For more information download the full report

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts