What is special about Mimikatz

62 percent more malware compared to the previous quarter and cyber criminals who are increasingly combining different attack techniques - the Internet Security Report from WatchGuard for the first quarter of 2019 paints a clear picture of the current threat situation. Mimikatz plays a special role.

In the first three months of this year, according to WatchGuard [1], the attackers redoubled their efforts to obtain identity and network access data via malicious Microsoft Office documents, Mac malware and web application exploits. This reflects a development that companies should respond to.

"The key findings of the last report clearly highlight the need for a multi-layered security approach," said Corey Nachreiner, chief technology officer at WatchGuard Technologies. "Blocking phishing attempts, from Intrusion Prevention Services (IPS) to defend against attacks on web applications, to multifactor authentication to protect personal credentials. It is necessary to counter the multitude of different attack methods and vectors with a uniform security platform with appropriate security services."

The findings, research results and security best practices in the quarterly Internet Security Report give medium-sized companies as well as large, decentralized organizations an overview of the current cyber security landscape. As a result, they can better protect themselves, their partners and customers from threats. Key findings from the first quarter 2019 report include:

  • Attackers still prefer malicious Office documents - In the first quarter of 2019, over 17 percent of Firebox appliances blocked compromised Office documents. Two threats in this category even made it into the list of the most widespread malware variants and the top ten attacks by volume. More than half have been blocked in the EMEA region, mostly in Eastern Europe. Users should definitely avoid interacting with suspicious Office documents and consider any attachments attempting to enable macros as a threat.
  • Mac OS malware still on the rise - Mac malware first appeared in WatchGuard's top 10 malware chart in Q3 2018. In the first three months of this year, two variants have spread widely enough to make it onto the list. This proliferation of Mac-based malware dispels the myth that Apple machines are immune to viruses and malware. This makes it all the more important to extend threat protection to all devices and systems in the company.
  • Web application exploits on the rise - Despite a decrease in the overall volume of network attacks in the first quarter, attacks on web applications increased significantly. WatchGuard's IPS module caught attackers exploiting vulnerabilities using cross-site scripting (XSS) and SQL injection (SQLI) - both popular methods of stealing access data. Two SQLI attacks made it into the top 10 network attack list, and a specific Web XSS attack made up more than 10 percent of the total network attacks.
  • DNS filters block more than five million malicious websites - WatchGuard's DNSWatch service successfully prevented 5,192,883 attempts from malicious websites. It also blocked over half a million connections to known malware hosting domains, 187,101 to compromised websites, and 61,096 to known phishing sites. Malicious websites can be difficult for users to identify on their own. For this reason, filtering at the DNS level is critical. It prevents users from unknowingly falling victim to malware infections, identity theft, or botnet command and control systems.
  • Fileless malware holds its own - Fileless threats can be found in the top 10 lists for both malware and network attacks. On the malware side, a PowerShell-based code injection attack was recorded for the first time in the first quarter, while the popular fileless backdoor tool Meterpreter made its debut among network attacks. This trend shows once again that these types of attack continue to be an effective means for cyber criminals.
  • "Mimikatz" malware increases by 73 percent and remains the greatest threat - Accounting for 20.6 percent of all malware found in the first quarter, this popular open source tool is often used for the theft of passwords and subsequent network infiltration. Mimikatz is a permanent candidate on the Top 10 Malware List. This underscores the importance of using long and complex passwords that are unique to each individual account. With cybercriminals' continued focus on identity theft, organizations of all sizes should consider multifactor authentication solutions, as this is the only way to effectively protect user accounts.

The results of the report are based on anonymized Firebox feed data from 42,372 active WatchGuard UTM appliances worldwide whose users have consented to the data sharing. In total, they blocked 23,884,979 malware variants (564 per device) and 989,759 network attacks (23 per device) in the first quarter of 2019.

WatchGuard's expert report examines the most impactful malware and attack trends from Q1 2019. It also includes a detailed analysis of the historic 51 percent attack on the Ethereum Classic (ETC) cryptocurrency, which resulted in losses of $1.1 million.

06/26/2019 / dr