Quarterly Internet Security Report – WatchGuard’s analyses

This is the first time we present the quarterly expert summary of one of our security vendor partners. It presents the experience gathered in the past quarter about cyber attacks. WatchGuard’s main advantage is that its own products provide real-time attack information from all over the world, the analysis of which can provide a true overview of serious threats.

WatchGuard’s Internet Security Report can be viewed and downloaded here:

The experience in the first quarter (Q1 2018)

In the first quarter of 2018, WatchGuard provided protection against more than 23.7 million malware variants (628 per device) and more than 10.5 million network attacks (278 per device).

Attackers have many options for getting their malware to the victim. In most cases this is done via e-mail attachments or via download from a website. In Q1 2018, 25% of attacks arrived via e-mail (SMTP/POP3/IMAP) and 75% via web-based (HTTP/HTTPS) connections.

Although the first quarter shows a decline compared with the last quarter of 2017, we should not forget that this is not due to a diminishing will of attackers but only to their opportunities being used less effectively. The decline is attributed, among other things, to the fact that the year-end holidays (Christmas, Thanksgiving, Halloween, New Year’s Eve) offer an excellent opportunity for social engineering, i.e. for attacks that rely on human credulity.

The attacks were distributed in Q1 2018 as follows:

  • 24.3% America
  • 40.7% EMEA
  • 35% APAC

Ramnit malware

A piece of malware from the past has returned, not in its old form but in a renewed one. Its exact type is hard to define because, during a life cycle spanning the last seven years, it has shown the characteristics of several types (worm, virus, Trojan).

Ramnit is malware that attacks Windows systems and, after infecting them, turns off their security programs (Windows Defender, Windows Firewall, User Account Control). It also prevents you from installing other antivirus programs. Once the computer is infected, the virus starts to collect log-in identifiers (including those used for banking and social media sites) by generating falsified starting pages instead of those meant to be opened in the browser. It then sends these log-in details to the attacker.

Interestingly, 98.9% of Ramnit detections came from Italy.

Firebox Feed

The Firebox appliances have a function that enables customers to share threat telemetry and other data with WatchGuard. The WatchGuard Threat Lab constantly monitors and analyses the malware and network attacks reported by the users.

The information received in this way helps them increase the protection capabilities of the system and keep it up to date.

In addition to developing Firebox Feed, there are three focus areas:

  • Intrusion Prevention Service against network exploits
  • Gateway Antivirus Service against malware
  • APT Blocker for identifying advanced malware

During Q1 2018 we received threat reports from more than 37,000 Fireboxes, which means 10% of appliances worldwide.

It is in the common interest of WatchGuard and its customers to get as many users as possible to join the service so that protection can reach the highest possible level.

WatchGuard wins 3 awards

WatchGuard has won 3 awards at Network Products Guide’s 2018 IT World Awards. The WatchGuard Firebox M370 won a gold prize again in the Security Hardware category. This product was developed for small and medium-sized enterprises in order to protect them against attacks against which larger companies already have turnkey solutions.

János Klincsok
Systems Engineer