Cybercrooks focusing more on credential theft

Cybercriminals are increasingly focused on the theft of log-in details and other credentials, according to WatchGuard’s latest Internet Security Report.

The report found that a popular open source tool used for credential theft — Mimikatz — was used so frequently during the second quarter that it made the top 10 list of malware variants for the first time, accounting for 36% of the top malware.

Likewise, phishing attacks increasingly incorporated malicious JavaScript code in HTML attachments to phishing emails that mimic login pages for popular sites including Google and Microsoft. Attackers also targeted the theft of Linux passwords in Northern Europe.

The quarterly Internet Security Report is based on anonymised Firebox Feed data from around 33,500 WatchGuard UTM appliances.

“The Firebox Feed data from Q2 shows that threat actors are more focused on credential theft than ever before. From JavaScript-enabled phishing attacks and attempts to steal Linux passwords, to brute force attacks against web servers, the common theme here is that login access is a top priority for criminals,” WatchGuard Technologies CTO Corey Nachreiner said.

“Knowing this, businesses must harden exposed servers, seriously consider multifactor authentication, train users to identify phishing attacks and implement advanced threat prevention solutions to protect their valuable data.”

The report also found that nearly half (47%) of the malware detected during the quarter was new or zero day, rendering traditional signature-based antivirus detection powerless to detect them.

In total, more than 16 million malware variants were detected and blocked during the quarter, with an average of 488 samples blocked per installed WatchGuard device.

Image credit: ©stock.adobe.com/au/monsitj

Follow us and share on Twitter and Facebook