Antivirus products are becoming more and more effective, and it is usually rare to get infected by a virus if all the operating system's security updates are installed. However, a new report reveals other, even more worrying threats, 3 out of 4 of which are not detected by antivirus.
This is stated by the cybersecurity company WatchGuard Technologies, whose report shows that 74% of the threats detected in the first quarter of 2021 were zero-day malware, which bypasses antivirus protection mechanisms by taking advantage of vulnerabilities in the system or in the antivirus itself.
3 out of 4 zero-day vulnerabilities are not stopped
In the first three months of the year, WatchGuard detected four million network attacks, an increase of 21% compared to the first quarter of 2020 and the highest volume since the beginning of 2018. In addition, the number of zero-day vulnerabilities is the largest they have ever detected.
Most attackers still target company servers, since they focus on targets from which they can extract large amounts of money, something individuals are normally not willing to pay, and this holds even though more and more people work remotely.
The term zero-day vulnerability refers to a vulnerability that has not been patched on a device or operating system and is already being used by attackers. These are the most dangerous, since it can take weeks or months for the vendor to discover and patch it.
These types of vulnerabilities often lead to the introduction of malware such as ransomware, as happened with WannaCry, which took advantage of a vulnerability that Microsoft patched quickly but that many computers took months to install, which is why many companies were affected by it.
Hiding ransomware in files such as PDF or CAB
The entry vector is usually email sent to company employees, often targeted by someone who knows what position the recipient holds in the company. For example, a common tactic is to create urgency and confusion so that users click on a link and download the malware; once executed, it can infect not only their own computer but the entire company network.
The WatchGuard report details attackers using a technique that disguises files that run ransomware as a genuine PDF. There is also another trick that uses CAB files.
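A defender's counterpart to the disguise described above is to check that an attachment's content matches the type its name claims. The following Python example is added here and is not code from WatchGuard or from the report; the function names are hypothetical, the sample attachments are constructed, and the only facts it relies on are the well-known file headers (PDF files begin with `%PDF-`, Microsoft Cabinet files with `MSCF`, Windows PE executables with `MZ`).

```python
"""Extension-vs-header consistency check for mail attachments (added example).

Assumes constructed sample attachments; the signatures are the standard file
headers: '%PDF-' for PDF, 'MSCF' for CAB, 'MZ' for Windows PE executables.
"""
from pathlib import PurePosixPath
from typing import Optional

# Well-known leading bytes keyed by the file type they identify.
MAGIC = {
    "pdf": b"%PDF-",
    "cab": b"MSCF",
    "exe": b"MZ",
}

# Extensions a mail gateway would normally treat as executable content.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "msi"}


def detect_type(data: bytes) -> Optional[str]:
    """Return the type implied by the leading bytes, or None if unrecognised."""
    for name, signature in MAGIC.items():
        if data.startswith(signature):
            return name
    return None


def classify_attachment(filename: str, data: bytes) -> dict:
    """Compare the extension a file claims with what its header says it is.

    Returns the claimed extension, the detected type, the list of reasons the
    file should be quarantined (empty when consistent) and a verdict:
    'quarantine' when a disguise is detected, 'review' for a genuine CAB
    (a container that can still carry executables), otherwise 'deliver'.
    """
    suffixes = [s.lstrip(".").lower() for s in PurePosixPath(filename).suffixes]
    claimed = suffixes[-1] if suffixes else ""
    detected = detect_type(data)
    reasons = []

    # A double extension such as invoice.pdf.exe is a classic disguise.
    if len(suffixes) > 1 and claimed in EXECUTABLE_EXTENSIONS:
        reasons.append(f"double extension ending in executable type .{claimed}")

    # The header says executable but the name claims a document or archive.
    if detected == "exe" and claimed not in EXECUTABLE_EXTENSIONS:
        reasons.append(f"PE header (MZ) inside a file named .{claimed}")

    # The name claims PDF/CAB but the bytes are not that format at all.
    if claimed in ("pdf", "cab") and detected != claimed:
        reasons.append(f"extension .{claimed} but header is {detected or 'unknown'}")

    if reasons:
        verdict = "quarantine"
    elif detected == "cab":
        verdict = "review"  # unpack and scan the contents before delivery
    else:
        verdict = "deliver"

    return {"claimed": claimed, "detected": detected, "reasons": reasons, "verdict": verdict}


if __name__ == "__main__":
    # Constructed samples: a real-looking PDF, an executable renamed to .pdf,
    # a double-extension executable and a cabinet archive.
    samples = {
        "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n",
        "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00",
        "invoice.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00",
        "update.cab": b"MSCF\x00\x00\x00\x00\x10\x00\x00\x00",
    }
    for name, content in samples.items():
        print(name, classify_attachment(name, content))
```

The check is cheap and catches the two disguises the report names: an executable carrying a document extension, and a CAB archive that deserves unpacking before it reaches a mailbox. It does not replace scanning the contents; it only decides whether the file is what it says it is.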
WatchGuard has also observed that legitimate websites have been used to carry out malicious cryptocurrency mining campaigns on users’ computers.
With this, the company affirms that the current malware detection model is not enough to stop these threats, and that it is necessary to add other detection mechanisms based on machine learning and behavior analysis, which focus on what a piece of software actually does with the computer's resources or files. One such mechanism is the Windows 10 ransomware protection feature, which blocks any attempt at mass file encryption.
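To make the behavior-analysis idea concrete, here is a small detector of the kind the paragraph describes: it ignores what a program is called and looks only at what it does to files. This Python example is added here; it is not WatchGuard's or Microsoft's code and does not reproduce how the Windows 10 feature works internally. The file-write events are constructed, the entropy threshold and the "10 distinct files in 5 seconds" rule are illustrative values, and in a real deployment the events would come from a kernel filter driver, auditd, ETW or an EDR sensor.

```python
"""Behaviour-based mass-encryption detector (added example, constructed events).

Flags a process that writes high-entropy (encrypted-looking) data to many
distinct files within a short time window, regardless of the process name.
"""
import math
import random
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Set, Tuple


@dataclass
class WriteEvent:
    """One file write as a sensor would report it (constructed for the example)."""
    ts: float        # seconds since monitoring started
    pid: int
    process: str
    path: str
    data: bytes      # content written; a sampled prefix is enough in practice


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


class MassEncryptionDetector:
    """Alert once per process that writes encrypted-looking data to many files quickly."""

    def __init__(self, window_s: float = 5.0, min_files: int = 10,
                 entropy_threshold: float = 7.0,
                 allowed_processes: Optional[Set[str]] = None) -> None:
        self.window_s = window_s
        self.min_files = min_files
        self.entropy_threshold = entropy_threshold
        # Backup and compression tools legitimately write high-entropy data; an
        # allowlist plays the role of the "allowed apps" list in folder-protection schemes.
        self.allowed = {p.lower() for p in (allowed_processes or set())}
        self._recent: Dict[int, Deque[Tuple[float, str]]] = defaultdict(deque)
        self._alerted: Set[int] = set()
        self.alerts: List[dict] = []

    def observe(self, ev: WriteEvent) -> Optional[dict]:
        """Feed one event; return an alert the first time a pid crosses the threshold."""
        if ev.process.lower() in self.allowed:
            return None
        if shannon_entropy(ev.data) < self.entropy_threshold:
            return None  # plain text, office XML and similar are not encryption-like
        q = self._recent[ev.pid]
        q.append((ev.ts, ev.path))
        while q and ev.ts - q[0][0] > self.window_s:
            q.popleft()  # drop writes that fell out of the sliding window
        distinct = {path for _, path in q}
        if len(distinct) >= self.min_files and ev.pid not in self._alerted:
            self._alerted.add(ev.pid)
            alert = {"pid": ev.pid, "process": ev.process,
                     "files": sorted(distinct), "window_s": self.window_s}
            self.alerts.append(alert)
            return alert
        return None


def high_entropy_payload(seed: int, n: int = 4096) -> bytes:
    """Deterministic stand-in for ciphertext (seeded PRNG keeps the demo reproducible)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def run_demo() -> List[str]:
    """Replay constructed events and return the names of the flagged processes."""
    text = b"Quarterly figures attached, please review before Friday.\n" * 64
    events: List[WriteEvent] = []
    # A text editor: many low-entropy writes to a single document (benign).
    for i in range(15):
        events.append(WriteEvent(0.1 * i, 100, "notepad.exe", r"C:\Users\ana\notes.txt", text))
    # A backup tool: a few high-entropy writes (compressed archives), below the file count.
    for i in range(3):
        events.append(WriteEvent(1.0 + i, 300, "backup.exe", rf"D:\backup\vol{i}.zip", high_entropy_payload(i)))
    # A ransomware-like process: high-entropy writes to 12 distinct files within 2 seconds.
    for i in range(12):
        events.append(WriteEvent(2.0 + 0.15 * i, 200, "cryptor.exe",
                                 rf"C:\Users\ana\Documents\doc{i}.docx.locked", high_entropy_payload(100 + i)))
    events.sort(key=lambda e: e.ts)
    detector = MassEncryptionDetector(window_s=5.0, min_files=10, entropy_threshold=7.0)
    for ev in events:
        detector.observe(ev)
    return [alert["process"] for alert in detector.alerts]


if __name__ == "__main__":
    print("flagged:", run_demo())
```

The two thresholds are where the false positives live: compression, backup and disk-imaging tools also write high-entropy data, so the rule requires many distinct files in a short window and still offers an allowlist for known tools, which is the same trade-off a controlled-folder feature makes when it asks the user to approve an application.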