Evasive malware increasing, evading signature-based antivirus solutions

Evasive malware has grown to record high levels, with over two-thirds of malware detected by WatchGuard in Q4 2019 evading signature-based antivirus solutions.

This is a dramatic increase from the year-long average of 35% for 2019 and points to the fact that obfuscated or evasive malware is becoming the rule, not the exception. Companies of all sizes need to deploy advanced anti-malware solutions that can detect and block these attacks.

In addition, widespread phishing campaigns exploiting a Microsoft Excel vulnerability from 2017 have been detected. This ‘dropper’ exploit was number seven on WatchGuard’s top ten malware list and heavily targeted the UK, Germany and New Zealand. It downloads several other types of malware onto victims’ systems, including a keylogger named Agent Tesla that was used in phishing attacks in February 2020 that preyed on early fears of the coronavirus outbreak.

Businesses of all sizes need to invest in multiple layers of security

“Our findings from Q4 2019 show that threat actors are always evolving their attack methods,” said Corey Nachreiner, CTO at WatchGuard.

“With over two-thirds of malware in the wild obfuscated to sneak past signature-based defenses, and innovations like Mac adware on the rise, businesses of all sizes need to invest in multiple layers of security. Advanced AI or behavioural-based anti-malware technology and robust phishing protection like DNS filtering will be especially crucial.”

Other key findings from the Q4 2019 report include:

• Mac adware jumps in popularity in Q4 – One of the top compromised websites detected in Q4 2019 hosts a macOS adware called Bundlore that masquerades as an Adobe Flash update. This lines up with a MalwareBytes report from February 2020 that showed a rise in Mac malware, particularly adware.
• SQL injection attacks became the top network attack in 2019 – SQL injection attacks rose an enormous 8000% in total between 2018 and 2019, becoming the most common network attack of the year by a significant margin.
• Hackers increasingly using automated malware distribution – Many attacks hit 70 to 80 percent of all Fireboxes in a single country, suggesting attackers are automating their attacks more frequently.