Report finds two-thirds of malware is encrypted

15 July 2020

WatchGuard Technologies’ Internet Security Report for Q1 2020 found that 67% of malware detected in the first three months of the year was hidden inside HTTPS-encrypted tunnels, in a bid to evade traditional AV.

During the period the company blocked over 32 million malware variants and nearly 1.7 million network attacks. Some 67% of that malware was delivered over HTTPS connections, and 72% of these encrypted attacks apparently featured zero-day malware that would have been missed by legacy signature-based AV.

It is understood the growing popularity of HTTPS is down in part to initiatives like Let’s Encrypt, backed by the non-profit Internet Security Research Group (ISRG). Nevertheless, while it has improved website security and user privacy, it also offers cyber-criminals a free and easy way to disguise their activity.

“Some organisations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go un-inspected is simply no longer an option,” said Corey Nachreiner, chief technology officer at WatchGuard. “As malware continues to become more advanced and evasive, the only reliable approach to defence is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Meanwhile, the vendor claimed that it detected 6.9% less malware and 11.6% fewer network attacks than in the previous quarter despite the apparent uptick in Covid-themed threats.

It suggested that this could be because fewer users were operating within the traditional corporate network perimeter during Q1 thanks to work-from-home mandates.

The firm’s latest Internet Security Report for Q1 2020 is distilled from analytics provided by its 44,000 global appliances.