At least 30 percent of malware today is new, zero-day malware that is missed by traditional antivirus defenses, according to a new report.

“We’re gathering threat data from hundreds of thousands of customers and network security appliances,” said Corey Nachreiner, CTO at WatchGuard Technologies. “We have different types of malware detection services, including a signature and heuristic-based gateway antivirus. What we found was that 30 percent of the malware would have been missed by the signature-based antiviruses.”

The company caught 18.7 million malware variants in the fourth quarter of 2016. Some of the company’s customers had both traditional, signature-based antivirus and its new, behavior-based advanced malware prevention service, called APT Blocker.

Among those customers, traditional antivirus caught 8,956,040 malware variants, while the behavior-based system caught another 3,863,078 malware variants that the legacy antivirus did not catch. “Nowadays, malware threat actors can morph or change their malware to make it look slightly different,” Nachreiner explained.

APT Blocker runs potentially dangerous applications in a cloud sandbox, on emulated Windows systems, and uses behavioral analysis to spot malware. The traditional antivirus engine comes from AVG Technologies, he said; the behavior-based malware blocker comes from Lastline.

“We go with the best-in-class strategy,” Nachreiner said.

The report also categorized the attacks by type of exploit.

All of the top 10 were web-based attacks: either attacks on a web server or other network service through its web-based portal, or attacks on web clients such as web browsers and browser plug-ins. Browser attacks were the most numerous, accounting for 73 percent of the hits related to the top exploits.
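The morphing problem Nachreiner describes, shown as an added Python example that is not from the article, WatchGuard, AVG or Lastline: three constructed byte strings stand in for an original sample and two cosmetically morphed variants, and three detection layers are run over them: an exact-hash signature, a YARA-style byte-pattern signature, and a behavioral rule over a constructed sandbox event trace. The samples, the traces, the Windows API names used as features and the rules themselves are all assumptions made for illustration, not real detections or real malware.

```python
"""Constructed demonstration: why exact-match signatures miss trivially morphed
samples while byte-pattern and behavioral detection keep catching them.
No real malware is involved; the 'samples' are synthetic byte strings."""
import hashlib
import re

# Constructed "sample": a fake PE-like header followed by the strings a
# signature author might key on (assumed features, not a real file).
ORIGINAL = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"kernel32.dll\x00VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00"
    b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
)

# Morph 1: identical content plus trailing padding -> a different hash.
VARIANT_PADDED = ORIGINAL + b"\x00" * 32


def _xor(data: bytes, key: int) -> bytes:
    """Single-byte XOR, used only to build the obfuscated test sample."""
    return bytes(b ^ key for b in data)


# Morph 2: the telltale strings are XOR-obfuscated (decoded at runtime in a
# real sample), so neither the hash nor the plain byte pattern matches.
VARIANT_OBFUSCATED = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + _xor(b"kernel32.dll\x00VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00", 0x5A)
    + _xor(b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00", 0x5A)
)

# Layer 1: exact-hash signatures, the narrowest form of signature detection.
SIGNATURE_DB = {hashlib.sha256(ORIGINAL).hexdigest()}


def hash_signature_match(sample: bytes) -> bool:
    """True only if the file is byte-for-byte identical to a known sample."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURE_DB


# Layer 2: byte-pattern signature (YARA-style): the injection API triplet in
# order, plus a Run-key persistence string, anywhere in the same file.
PATTERN_RULES = [
    re.compile(rb"VirtualAllocEx.*WriteProcessMemory.*CreateRemoteThread", re.S),
    re.compile(re.escape(b"CurrentVersion\\Run")),
]


def pattern_signature_match(sample: bytes) -> bool:
    """True if every pattern rule finds a hit; survives padding, not encoding."""
    return all(rule.search(sample) for rule in PATTERN_RULES)


# Layer 3: a behavioral rule over a sandbox trace. The traces below are
# constructed stand-ins for what an emulated Windows run might record; the
# point is that cosmetic morphing of the file does not change them.
INJECTION_TRACE = [
    ("OpenProcess", "explorer.exe"),
    ("VirtualAllocEx", "explorer.exe"),
    ("WriteProcessMemory", "explorer.exe"),
    ("CreateRemoteThread", "explorer.exe"),
    ("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
]
BENIGN_TRACE = [
    ("CreateFile", r"C:\Users\user\Documents\report.docx"),
    ("WriteFile", r"C:\Users\user\Documents\report.docx"),
]


def behavioral_match(trace) -> bool:
    """Flag a run that shows remote-process injection followed by a Run-key
    persistence write, regardless of what the file's bytes look like."""
    calls = {api for api, _ in trace}
    injected = {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"} <= calls
    persisted = any(
        api == "RegSetValue" and arg.endswith(r"CurrentVersion\Run") for api, arg in trace
    )
    return injected and persisted


def triage(sample: bytes, trace) -> dict:
    """Run all three layers and report which ones fired."""
    return {
        "hash_signature": hash_signature_match(sample),
        "pattern_signature": pattern_signature_match(sample),
        "behavioral": behavioral_match(trace),
    }


if __name__ == "__main__":
    cases = {
        "original": (ORIGINAL, INJECTION_TRACE),
        "padded": (VARIANT_PADDED, INJECTION_TRACE),
        "obfuscated": (VARIANT_OBFUSCATED, INJECTION_TRACE),
        "benign": (b"MZ\x90\x00 harmless document viewer", BENIGN_TRACE),
    }
    for name, (sample, trace) in cases.items():
        print(f"{name:11s} {triage(sample, trace)}")
```

Running the block shows the layering the article's numbers imply: the padded variant already escapes the hash signature, the string-obfuscated variant escapes the byte pattern as well, and only the rule that looks at what the sample does in the sandbox fires on all three while staying silent on the benign trace.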
Attackers use them to force drive-by downloads of malicious software.

The leading exploit category was Linux trojans, which look for open Linux devices to turn into zombies. A close second was droppers, which typically deliver ransomware and banking Trojans.

“In other key findings, we’re seeing some old threats become new again,” said Nachreiner. That includes Word documents with malicious macros.

“That is as old-school as you can get,” he said. “They disappeared for decades, but they’ve come back, and we can confirm that we’re blocking a whole bunch of macro-based malware.”

That could be because users consider these documents benign, or because they evade legacy security scans. They are typically spread as email attachments.

WatchGuard is also seeing PHP webshell scripts, which are the fourth most common malware detected by the company. “It seems to us like a very, very old technique,” he said. “But the alleged election manipulation that went on, a shell script was part of it, and they’ve added some new evasive technologies. The threat is old, but they’ve found a way to get past security with it.”