In addition, Trojan.GenericKD, which covers a family of malware that creates a backdoor to a command-and-control server, and Backdoor.Small.DT, a web shell script used to create backdoors on web servers, were sixth and seventh on the list. This could indicate either growing adoption among malicious actors or more penetration testing by white hat hackers using Kali Linux.
The WatchGuard (www.watchguard.com) quarterly report reveals and ranks the most common domains attackers use to host malware and launch phishing attacks. These include several subdomains of legitimate sites and Content Delivery Networks (CDNs) such as CloudFlare.net, Amazon’s CloudFront, SharePoint and Amazonaws.com, along with legitimate file-sharing websites like my[.]mixtape[.]moe.
WatchGuard research shows that year-over-year malware volume increased by 64% and that it is increasingly targeting Europe and APAC. According to the report, in Q2 2019, nearly 37% of malware targeted the EMEA region, with several individual attacks focusing on the UK, Italy and Germany. APAC came in second, targeted by 36% of overall malware attacks. In particular, the Razy and Trojan.Phishing.MH malware variants primarily targeted the APAC region, with 11% of Trojan.Phishing.MH detections found in Japan.
“This edition of the Internet Security Report exposes the gritty details of the methods hackers use to sneak malware or phishing emails onto networks by hiding them on legitimate content hosting domains,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies.
“Luckily there are several ways to defend against this, including DNS-level filtering to block connections to known malicious websites, advanced anti-malware services, multi-factor authentication to prevent attacks leveraging compromised credentials, and training to help employees recognise phishing emails. No one defence will prevent every attack, so the best way for organisations to protect themselves is with a unified security platform that offers multiple layered security services.”
WatchGuard’s Internet Security Report provides real-world data on top security threats, as well as detailed analyses of major security incidents and best practices to help organisations of all sizes protect their business and their customers’ data.