Mac-based malware has popped up or the first time on WatchGuard's list of the top ten most common types of malware.
The Mac scareware landed in sixth place on the list. Mostly
delivered by email, it tries to persuade recipients into installing fake malware, according to WatchGuard.
The company also reports that 6.8% of the world’s 100,000 leading
websites continue to accept non-secure versions of the SSL encryption protocol, despite SSL being deprecated by the Internet Engineering Task Force. Worse, 29.9% use no web encryption.
This
report is based on data from tens of thousands of WatchGuard Firebox appliances, the company says.
"Outside of a few surprising finds, like Mac scareware in our top ten malware
list, we saw attackers stick to what they know in Q3 by reusing and modifying old attacks like cross-site scripting, Mimikatz and cryptominers,” states Corey Nachreiner, CTO at WatchGuard
Technologies.
The study also found that the Asia-Pacific region reported more malware hits than the U.S., the Mideast and Africa. APAC was victimized by Razy, Win32/Heur and
MAC.OSX.AMCleanerCA.
Razy, which has almost exclusively targeted APAC, is the second most common piece of malware, making up 4% of all malware blocked by WatchGuard.
However, the
most popular malware in Q3 was Mimikatz, a software theft kit.
According to WatchGuard, analysis also shows that attackers are utilizing applications with cross-site scripting.
Cross-site scripting made up 39.3% of the top ten exploits in the third quarter.
Nachreiner adds: “It's a good reminder that the vast majority of attacks aren't ultra-advanced zero days
and can be prevented by using a layered security approach with advanced malware detection capabilities and investing in secure Wi-Fi and MFA solutions."