News &
Information

Ask Jack: Can An Image Deliver Malware?

Is it possible to deliver malware through an image? Jack provides the answer.

Ask Jack: What Is The Real Risk For Small- And Medium-Sized Businesses After A Cyber Attack?

Jack McCalmon, Esq. details the mindset small- and medium-sized employers should have when addressing cyber breach risk, and the end results of a breach.

Ask Jack: If I Purchase Macs, Do I Really Lower My Cyber Exposure?

An employer asks Jack McCalmon, Esq. if macOS will lower cyber exposures.

Emotet Malware Makes A Comeback: What is It And What Prevention Steps Can Employers Take?

Cybersecurity experts notice a significant increase in cybercriminals are using this malware to attack networks. What can you do to help prevent it?

Network Attacks Hit A Three-Year High: How Should Employers Respond?

July 28, 2022

The CSO at internet security company WatchGuard Technologies recently discussed a high-level summary of its Internet Security Report for Q4 2021, which revealed that all types of threats increased over 40 percent from the previous quarter.

When the pandemic started, observers note a big drop in malware being detected by network security devices, which suggested that as tech-based jobs moved to remote work, many employees were no longer using organizational resources to access the internet. This was likely the main reason employers' networks noted a drop in malware attacks via employee workstations. However, network attacks continued to rise through the pandemic, since the servers still lived at the offices and in the cloud, and network security still protected those.

In Q4 2021, observers noted an increase in the number of malware threats directed at the user level. Some of this may be because of the normal holiday shopping season, but most likely, the returning of workers to the office is the likely explanation for the increase in corporate detection rates. "Network attacks increased to a 3-year high" www.helpnetsecurity.com (Apr. 26, 2022).

Commentary

WatchGuard also noted that among browser-based malware threats, by far the most targeted was the now obsolete Microsoft’s Internet Explorer (IE). This was so even though IE has one of the lowest user rates among major browsers. Chrome’s market share is at least 70 percent, followed by Safari, Firefox, and Microsoft Edge. IE has less than one percent market share.

The Report noted a decrease in the incidents of ransomware, but crypto-mining malware remained relatively steady.

Finally, it noted a high incidence (66 percent) of zero-day malware infections still exists. This is malware that gets past signature-based protection defenses because in and of itself, it does nothing to attract the attention of the security software. Instead, once operational, it uses built-in operating system files to accomplish its work. Moreover, about 67 percent of that zero-day malware arrives over encrypted

(secure web) connections, often the result of successful phishing attempts. This suggests threat actors are focusing even more on evasion than sophistication.

All of these reports suggest that the threat environment facing employers has increased, but many of the more severe threats can be addressed through continued training and the following of well-thought-out security protocols. Using updated and more secure internet browsers is strongly suggested. Finally, the continued use of evasion tactics by the majority of malware suggests reliance on traditional signature-based defenses may not be the best long-term solution. Instead, the use of real-time or AI-based defenses may be the best option.

Finally, your opinion is important to us. Please complete the opinion survey: