Malware attacks targeting the Americas increased dramatically in Q3 2019

The trend represents a major geographic shift in the focus for attackers

Malware attacks targeting the Americas increased drastically in the third quarter of 2019, according to WatchGuard Technologies' latest Internet Security Report released on Wednesday.

More than 42 per cent of all malware attacks launched globally in Q3 2019 specifically targeted users and organisations in North, South and Central America, up 15 per cent compared to the second quarter. Specifically, Brazil was targeted with a high volume of attacks.

WatchGuard was unclear about the specific motivations of the attackers, but said the trend represents a major geographic shift in the focus for attackers compared to Q2 2019.

The researchers said they also noticed a rise in the total number of network attacks in Q3 2019. Such attacks increased 8 per cent compared to Q2 2019.

One network attack, among the Top 10 most 'popular' attacks in the third quarter, was found exploiting a vulnerability that exists in Apache Struts, the open-source web application framework.

It was the same vulnerability that was used by attackers in the Equifax data breach in September 2017. Personal details of nearly 143 million Americans were compromised in that incident. In July, the company agreed to pay as much as $700 million in fines and compensation in a settlement with US regulators over the data breach.

WatchGuard researchers said attackers are currently exploiting multiple Apache Struts vulnerabilities. Specifically, they are using an Apache Struts 2 remote code execution flaw to install Python or generate a custom HTTP request to get shell access to an exposed system by using just a few lines of code.

Two other Apache Struts vulnerabilities also appeared on WatchGuard's top ten network attacks list in Q3.

On the malware front, WatchGuard noticed a drop of 4 per cent in the number of malware detections compared to Q2 2019, although it was up 60 per cent when compared to Q3 2018 figures.

Specifically, zero-day malware incidents accounted for 50 per cent of all malware detections in the third quarter, up from 38 per cent over the past several quarters.

The researchers also observed attackers abusing user-controlled SharePoint subdomains to host malware.

Microsoft Office continued to be an exploitable product in Q3 2019. Two malware variants targeting Microsoft Office products were among WatchGuard's top ten list of malware by volume in Q3.

Both attacks were primarily deployed via email, highlighting the need for organisations to focus on user training to help them identify phishing emails with malicious attachments.