register free | resend password

WatchGuard Finds Explosion of Attacks Targeting Leading Web Conference Solution

WatchGuard’s Internet Security Report also shows growing use of a new sextortion phishing malware customised to individual victims

ID: 1547871
recent pressrelease next pressrelease

Corey Nachreiner
Corey Nachreiner

(businesspress24) - 21 March 2019 – Network attacks targeting a vulnerability in the Cisco Webex Chrome extension have increased dramatically according to WatchGuard® Technologies. In its latest Internet Security Report for the last quarter of 2018, they were the second-most common network attack. The vulnerability was first disclosed and patched in 2017 and attacks were almost non-existent in early 2018, but WatchGuard detections grew by over 7,000 percent from Q3 to Q4.

The report also shows that Phishing campaigns saw a dangerous increase in sophistication, with new attacks using advanced methods including threatening to release recordings of users visiting adult content online, customising emails for specific targets and creating fake banking login web pages. Based on data from tens of thousands of active WatchGuard Firebox appliances around the world, a new sextortion phishing attack was the second-most common attack detected in Q4 2018. It accounted for almost half of the unique malware hashes detected, because the email phishing message is tailored to each recipient. The message claims the sender has infected the victim’s computer with a trojan and recorded them visiting adult websites, threatening to send these compromising images to their email contacts unless they pay a ransom.

“There was a noticeable increase in advanced phishing attacks targeting high-value information,” said Corey Nachreiner, CTO at WatchGuard Technologies. “Now more than ever, it’s vital for businesses to take the layered approach to security and deploy solutions that offer DNS-level filtering designed to detect and block potentially dangerous connections and automatically refer employees to resources that bolster phishing awareness and prevention. A combination of security controls and human training will help businesses avoid becoming hooked by phishing attacks.”

The other top findings from the report include:
• 16.5 percent of all Fireboxes were targeted by CoinHive cryptominer – The most widespread malware variant in Q4 came from the popular CoinHive cryptominer family, showing that cryptomining remains a popular attack type. Two of the top ten most common pieces of malware detected were also cryptominers.

• A major phishing attack leverages a fake bank page – Another widespread piece of malware in Q4 sent a phishing email with a fake, but highly realistic Wells Fargo login page to capture victim emails and passwords. Overall, WatchGuard saw a rise in sophisticated phishing attacks targeting banking credentials.
• One ISP’s filtering error routed Google traffic through Russia and China for 74 minutes – The report includes a technical analysis of a Border Gateway Protocol (BGP) hijack in November 2018 that inadvertently sent most of Google’s traffic through Russia and China for a short time. WatchGuard found that a Nigerian ISP called MainOne made a mistake in their routing filters, which then spread to Russian and Chinese ISPs and caused much of Google’s traffic to be routed through these ISPs unnecessarily. This accidental hijack highlights the underlying insecure standards that the internet is based on. A sophisticated attack targeting these flaws could have potentially catastrophic consequences.
• Network attacks rise after historic lows in mid-2018 – Network attacks rose 46 percent by volume and 167 percent in terms of unique signature hits in Q4 compared to Q3 2018. This follows a trend seen in previous years with attacks ramping up during the holiday season.

The 2018 Q4 ISR also includes a granular analysis of source code for the Exobot banking trojan. This highly sophisticated malware attempts to steal banking and financial information from Android devices. The WatchGuard Threat Lab’s analysis includes a list of the 150 sites such as Amazon, Facebook, Paypal and Western Union that Exobot can automatically target, as well as a detailed look at the UI an attacker using Exobot would use to push commands to infected devices.

The insights, research and security best practices included in WatchGuard’s quarterly Internet Security Report help organisations of all sizes understand the current cyber security landscape and better protect themselves, their partners and customers from emerging security threats.

The findings are based on anonymised Firebox Feed data from over 42,000 active WatchGuard UTM appliances worldwide. In total, these Fireboxes blocked over 16 million malware variants (382 per device) and approximately 1,244,000 network attacks (29 per device) in Q4 2018.

For more information, download the full report here To access live, real-time threat insights by type, region and date, visit WatchGuard’s Threat Landscape data visualisation tool today. Subscribe to The 443 – Security Simplified podcast at, or wherever you find your favourite podcasts.

More information:

Keywords (optional):

watchguard, cyber-security, security, virus, phishing, internet-security,

Company information / Profile:

PressRelease by

PressContact / Agency:

Peter Rennison, PRPR, 01442 245030, pr(at)

published by: RealWire
print pressrelease  pressrelease as PDF  send to a friend  

Date: 03/21/2019 - 11:32
Language: English
News-ID 1547871
Character count: 5172
Firma: RealWire
Ansprechpartner: Leah Wood Feedback to about Pressrelease-id:
Stadt: Lincoln
Telefon: 1522883640

Meldungsart: bitte
Versandart: Veröffentlichung
Freigabedatum: 21/03/2019

Number of hits: 592


Direct Link to this PressRelease:

We would appreciate a link in your News-, Press- or Partner-Site.

Comments on this PressRelease

All members: 9 438
Register today: 0
Register yesterday: 0
Members online: 0
Guests online: 67

Don't have an account yet? You can create one. As registered user you have some advantages like theme manager, comments configuration and post comments with your name.