{"id":10449,"date":"2020-05-18T15:05:54","date_gmt":"2020-05-18T13:05:54","guid":{"rendered":"https:\/\/www.boc.de\/watchguard-info-portal\/?p=10449"},"modified":"2020-07-10T11:59:06","modified_gmt":"2020-07-10T09:59:06","slug":"threat-landscape-auswertung-april-2020","status":"publish","type":"post","link":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/2020\/05\/threat-landscape-auswertung-april-2020\/","title":{"rendered":"Threat Landscape Analysis April 2020"},"content":{"rendered":"<p>WatchGuard's Threat Lab is a group of threat researchers who analyze and report on the latest malware and network attacks. They draw on data from the WatchGuard Firebox Feed as well as internal and external threat intelligence and a research honeynet. From this they derive analyses and practical security guidance on the biggest dangers and threats.<br \/>\n<!--more--><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-4963 alignnone\" src=\"https:\/\/www.boc.de\/watchguard-info-portal\/wp-content\/uploads\/2018\/09\/threat-landscape.png\" alt=\"WatchGuard Threat Landscape\" width=\"506\" height=\"96\" \/><\/p>\n<h5>Malware attacks:<\/h5>\n<p>As WatchGuard's <a href=\"https:\/\/www.secplicity.org\/threat-landscape\/?s=2020-04-01&amp;e=2020-04-30&amp;type=all&amp;region=amer+emea+apac\" target=\"_blank\" rel=\"noopener noreferrer\">Threat Landscape<\/a> shows, in April 2020 alone WatchGuard solutions blocked over <strong>10.20\u00a0million malware attacks<\/strong> worldwide:<br \/>\n<div class=\"su-list\" style=\"margin-left:0px\">\n<ul>\n<li><i class=\"sui sui-chevron-circle-right\" style=\"color:#333\"><\/i> 340,283 blocked attacks per day<\/li>\n<li><i class=\"sui sui-chevron-circle-right\" style=\"color:#333\"><\/i> 48.96% of all attacks blocked by WatchGuard were in EMEA<\/li>\n<li><i 
class=\"sui sui-chevron-circle-right\" style=\"color:#333\"><\/i> over 777,744 blocked attacks in Germany alone<\/li>\n<\/ul>\n<\/div>\nOf the more than 10.20 million blocked malware attacks, 65% were zero-day malware. Because these attacks are not detected by Gateway Antivirus, we recommend enabling <a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/produktinfos\/watchguard-security-services-und-suites\/watchguard-apt-blocker\/\" target=\"_blank\" rel=\"noopener noreferrer\">APT Blocker<\/a>,\u00a0<a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/produktinfos\/watchguard-security-services-und-suites\/watchguard-threat-detection-and-response\/\" target=\"_blank\" rel=\"noopener noreferrer\">Threat Detection and Response (TDR)<\/a>\u00a0and\u00a0<a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/produktinfos\/watchguard-security-services-und-suites\/watchguard-intelligentav\/\" target=\"_blank\" rel=\"noopener noreferrer\">IntelligentAV<\/a>\u00a0as an additional layer of security. All three services are included in the Total Security Suite. If you have not yet purchased a license for the Total Security Suite, we recommend upgrading to it. An overview of the suites offered by WatchGuard and the services they include is available in our info portal under\u00a0<a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/produktinfos\/watchguard-security-services-und-suites\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security Services and Suites<\/a>\u00a0and <a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/vertriebsinfos\/basic-security-suite-vs-total-security-suite\/\" target=\"_blank\" rel=\"noopener noreferrer\">Basic Security Suite vs. 
Total Security Suite<\/a>.<\/p>\n<h5>Network attacks:<\/h5>\n<p>In addition to the malware attacks, over <strong>726,099 network attacks<\/strong> were blocked by WatchGuard Firebox appliances in April 2020:<br \/>\n<div class=\"su-list\" style=\"margin-left:0px\">\n<ul>\n<li><i class=\"sui sui-chevron-circle-right\" style=\"color:#333\"><\/i> 19,354 blocked attacks per day<\/li>\n<li><i class=\"sui sui-chevron-circle-right\" style=\"color:#333\"><\/i> 37.29% of all attacks blocked by WatchGuard were in EMEA<\/li>\n<li><i class=\"sui sui-chevron-circle-right\" style=\"color:#333\"><\/i> 116,768 blocked attacks in Germany alone<\/li>\n<\/ul>\n<\/div>\n<p><!--more--><\/p>\n<table>\n<tbody>\n<tr>\n<td><strong>Top 10 malware attacks<\/strong><\/td>\n<td width=\"50%\"><strong>Top 10 network attacks<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Win32\/Heri<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1059160\" target=\"_blank\" rel=\"noopener noreferrer\">WEB SQL injection attempt -33<\/a><\/td>\n<\/tr>\n<tr>\n<td>Gen:Variant.Application.Graftor.291176<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1133407\" target=\"_blank\" rel=\"noopener noreferrer\">WEB Brute Force Login -1.1021<\/a><\/td>\n<\/tr>\n<tr>\n<td>Win32\/Heim.D<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1059764\" target=\"_blank\" rel=\"noopener noreferrer\">WEB URI Handler Buffer Overflow &#8211; GET -3<\/a><\/td>\n<\/tr>\n<tr>\n<td>Trojan.GenericKD.30649454<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1133451\" target=\"_blank\" rel=\"noopener noreferrer\">WEB Cross-site Scripting -36<\/a><\/td>\n<\/tr>\n<tr>\n<td>malicious<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1133223\" target=\"_blank\" rel=\"noopener noreferrer\">FILE Microsoft Office Memory Corruption Vulnerability (CVE-2016-7231)<\/a><\/td>\n<\/tr>\n<tr>\n<td>JS:Trojan.Cryxos.2657<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1054837\" target=\"_blank\" rel=\"noopener noreferrer\">WEB Remote File Inclusion \/etc\/passwd<\/a><\/td>\n<\/tr>\n<tr>\n<td>Exploit.CVE-2017-11882.Gen<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1055396\" target=\"_blank\" rel=\"noopener noreferrer\">WEB Cross-site Scripting -9<\/a><\/td>\n<\/tr>\n<tr>\n<td>Luhe.Exploit.PDF.H<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1133458\" target=\"_blank\" rel=\"noopener noreferrer\">UNKNOWN<\/a><\/td>\n<\/tr>\n<tr>\n<td>Gen:Variant.Razy.553929<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1056247\" target=\"_blank\" rel=\"noopener noreferrer\">SHELLCODE NOP Sled<\/a><\/td>\n<\/tr>\n<tr>\n<td>Trojan.Linux.GenericA.75142<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1058077\" target=\"_blank\" rel=\"noopener noreferrer\">WEB SQL injection attempt -1.b<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Further information can be found in the latest <a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/2020\/05\/internet-security-report-q4-2019\/\" target=\"_blank\" rel=\"noopener noreferrer\">Internet Security Report Q4 2019<\/a>.<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>WatchGuard's Threat Lab is a group of threat researchers who analyze and report on the latest malware and network attacks. They draw on data from the WatchGuard Firebox Feed as well as internal and external threat intelligence and a research honeynet. From this they derive analyses and practical security guidance on the biggest dangers and threats.<\/p>\n","protected":false},
"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[445],"tags":[472],"class_list":["post-10449","post","type-post","status-publish","format-standard","hentry","category-aktuelle-nachrichten","tag-threat-landscape"],"_links":{"self":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/10449"}],"collection":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/comments?post=10449"}],"version-history":[{"count":10,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/10449\/revisions"}],"predecessor-version":[{"id":10879,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/10449\/revisions\/10879"}],"wp:attachment":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/media?parent=10449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/categories?post=10449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/tags?post=10449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":
true}]}}