If the fourth quarter of 2021 is any indication, 2022 will be another year that cybersecurity and IT professionals will want to forget: advanced network attacks increased by 33% in the fourth quarter, indicating a higher level of zero-day threats than ever before, reports WatchGuard Technologies.
In a new analysis of the fourth quarter of last year, the cybersecurity firm found that the continued shift to hybrid work remains a thorn in the side of IT and cybersecurity professionals as they are faced with an expanded attack surface and more holes to plug.
According to WatchGuard’s quarterly Internet Security Report, total network attack detections continue to climb: advanced threats increased 33% and malware increased nearly 40% quarter over quarter. Network intrusion detections also continue to rise, increasing 39% quarter over quarter due to the targeting of older vulnerabilities and growth in organizations’ IT environments, which makes network defense more complex.
In addition to finding that malware threats in the EMEA region were detected at a much higher rate than anywhere else in the world, WatchGuard’s quarterly report also discovered a new leader in Office exploit malware. According to the company, the fourth quarter saw a significant incidence of malware targeting Office documents, which is in line with findings from the third quarter.
According to the WatchGuard report, a 2018 bug in Microsoft Office that allows remote code execution has emerged as one of the most widespread Office exploits. CVE-2018-0802 is an RCE vulnerability that exists in Office when the software fails to properly handle objects in memory. According to Microsoft, an attacker could exploit it to run arbitrary code in the context of the user if the user opens a specially crafted file.
WatchGuard says the exploit remains in the top 10 and has moved up one spot from last quarter, and may be the top Office exploit. The company says the 2018 bug may have replaced CVE-2017-11882, another Office RCE that has a similar exploit path.
In other alarming news for IT professionals, WatchGuard says two new malware domains were added this quarter to the list of top malware domains detected by the company, including one (Skyprobar[.]info) linked to Emotet, the banking trojan that has since evolved into a command-and-control and distribution infrastructure for other payloads.
In a statement, Corey Nachreiner, chief security officer at WatchGuard, urges organizations to harden their defenses and take a more unified approach to security.
“With the highest level of zero-day threats we’ve ever recorded and an attack surface that extends well beyond the network perimeter to IoT, home networks and mobile devices, companies need to adopt a true unified security approach that can adapt quickly and efficiently to the growing threat landscape,” Nachreiner said. “Organizations should make a commitment to implementing simple but critically important measures like updating and patching systems on a regular basis so they’re not enabling hackers.”