Skip to main content

Traditional antivirus software misses 'vast majority of threats'

Malware
(Image credit: solarseven / Shutterstock)

Most widely-used "traditional" antivirus solutions fail to capture nearly 3/4 of threats in the first quarter of 2021, new research has claimed.

Compiled by cybersecurity vendor WatchGuard Technologies, the report shows that 74% of threats detected in Q1 2021 were zero-day malware, which can bypass conventional signature-based antivirus solutions.

In all WatchGuard appliances detected over four million network attacks, which represents a 21% increase compared to the previous quarter and the highest volume since early 2018.

“Last quarter saw the highest level of zero day malware detections we’ve ever recorded. Evasive malware rates have actually eclipsed those of traditional threats, which is yet another sign that organisations need to evolve their defences to stay ahead of increasingly sophisticated threat actors,” said Corey Nachreiner, chief security officer at WatchGuard.

The sheer number of attacks leads WatchGuard to conclude that corporate servers continue to be a high-value target for attackers, despite the shift to remote and hybrid work.

Insufficient defense

One of the interesting findings in the report is how attackers are trying to disguise and repurpose old exploits.

For instance, the report sheds light on a simple file name trick that enabled threat actors to pass off a sinister ransomware loader as a legitimate PDF attachment. It also talks about an old directory traversal attack technique that uses the now decommissioned .cab archive files. 

WatchGuard also witnessed attackers co-opting legitimate web domains to orchestrate malicious cryptomining campaigns. They pin the increase of cryptomining malware to recent price spikes in the cryptocurrency market and the relative ease with which threat actors can repurpose their victims’ computing resources.

In light of the developments, Nachreiner believes that traditional anti-malware solutions are “simply insufficient” for the prevailing threat environment. 

He suggests that every business should implement a layered security strategy “that involves machine learning and behavioral analysis to detect and block new and advanced threats.” 

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.