{"id":9399,"date":"2019-12-05T13:05:43","date_gmt":"2019-12-05T12:05:43","guid":{"rendered":"https:\/\/www.boc.de\/watchguard-info-portal\/?p=9399"},"modified":"2019-12-05T13:05:43","modified_gmt":"2019-12-05T12:05:43","slug":"threat-landscape-auswertung-november-2019","status":"publish","type":"post","link":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/2019\/12\/threat-landscape-auswertung-november-2019\/","title":{"rendered":"Threat Landscape Auswertung November 2019"},"content":{"rendered":"<p>WatchGuards Threat Lab ist eine Gruppe von Bedrohungsforschern, die sich mit der Analyse und Aufbereitung der letzten Malware- und Netzwerk-Attacken besch\u00e4ftigen. Sie greifen dabei auf die Daten zur\u00fcck, die sie vom WatchGuard Firebox Feed bekommen, aber auch aus internen und externen Threat Intelligences und einem Forschungs-Honeynet. Daraus werden Analysen und praktische Sicherheitshinweise \u00fcber die gr\u00f6\u00dften Gefahren und Bedrohungen abgeleitet.<br \/>\n<!--more--><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-4963 alignright\" src=\"https:\/\/www.boc.de\/watchguard-info-portal\/wp-content\/uploads\/2018\/09\/threat-landscape.png\" alt=\"WatchGuard Threat Landscape\" width=\"506\" height=\"96\" \/><\/p>\n<h5>Malware-Attacken:<\/h5>\n<p>Wie die <a href=\"https:\/\/www.secplicity.org\/threat-landscape\/?s=2019-11-01&amp;e=2019-11-30&amp;type=all&amp;region=amer+emea+apac\" target=\"_blank\" rel=\"noopener\">Threat Landscape<\/a> von WatchGuard zeigt, wurden alleine im Monat November 2019 \u00fcber <strong>9,07 Millionen Malware-Attacken<\/strong> weltweit von den WatchGuard-L\u00f6sungen geblockt:<br \/>\n<div class=\"su-list\" style=\"margin-left:0px\">\n<ul>\n<li><i class=\"sui sui-chevron-circle-right\" style=\"color:#333\"><\/i> t\u00e4glich 302.592 geblockte Angriffe<\/li>\n<li><i class=\"sui sui-chevron-circle-right\" style=\"color:#333\"><\/i> 55,18% aller von WatchGuard geblockten Attacken in EMEA<\/li>\n<li><i class=\"sui sui-chevron-circle-right\" style=\"color:#333\"><\/i> alleine in Deutschland \u00fcber 674.032 geblockte Angriffe<\/li>\n<\/ul>\n<\/div>\nVon den \u00fcber 9,07 Millionen geblockten Malware-Attacken waren 64% Zero-Day Malware. Da diese Attacken nicht von dem Gateway Antivirus erkannt werden, empfehlen wir als zus\u00e4tzliche Sicherheitsschicht den\u00a0<a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/produktinfos\/watchguard-security-services-und-suites\/watchguard-apt-blocker\/\" target=\"_blank\" rel=\"noopener\">APT Blocker<\/a>,\u00a0<a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/produktinfos\/watchguard-security-services-und-suites\/watchguard-threat-detection-and-response\/\" target=\"_blank\" rel=\"noopener\">Threat Detection and Response (TDR)<\/a>\u00a0sowie\u00a0<a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/produktinfos\/watchguard-security-services-und-suites\/watchguard-intelligentav\/\" target=\"_blank\" rel=\"noopener\">IntelligentAV<\/a>\u00a0zu aktivieren. Alle drei Services sind in der Total Security Suite enthalten. Sollten Sie noch keine Lizenz f\u00fcr die Total Security Suite erworben haben, empfehlen wir Ihnen auf diese zu upgraden. Eine \u00dcbersicht der von WatchGuard angebotenen Suiten und den dazugeh\u00f6rigen Services finden Sie in unserem Infoportal unter\u00a0<a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/produktinfos\/watchguard-security-services-und-suites\/\" target=\"_blank\" rel=\"noopener\">Security Services und Suites<\/a>\u00a0und <a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/vertriebsinfos\/basic-security-suite-vs-total-security-suite\/\" target=\"_blank\" rel=\"noopener\">Basic Security Suite vs. Total Security Suite<\/a>.<\/p>\n<h5>Netzwerk-Attacken:<\/h5>\n<p>Neben den Malware-Attacken wurden im November 2019 auch \u00fcber <strong>498.464\u00a0Netzwerkangriffe<\/strong> von WatchGuard Firebox Appliances blockiert:<br \/>\n<div class=\"su-list\" style=\"margin-left:0px\">\n<ul>\n<li><i class=\"sui sui-chevron-circle-right\" style=\"color:#333\"><\/i> t\u00e4glich 16.615 geblockte Angriffe<\/li>\n<li><i class=\"sui sui-chevron-circle-right\" style=\"color:#333\"><\/i> 48,63% aller von WatchGuard geblockten Attacken in EMEA<\/li>\n<li><i class=\"sui sui-chevron-circle-right\" style=\"color:#333\"><\/i> alleine in Deutschland 69.873 geblockte Angriffe<\/li>\n<\/ul>\n<\/div>\n<p>Weitere Informationen finden Sie im letzten\u00a0<a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/2019\/11\/internet-security-report-q2-2019\/\" target=\"_blank\" rel=\"noopener\">Internet Security Report &#8211; Q2 2019<\/a>.<\/p>\n<p><!--more--><\/p>\n<table>\n<tbody>\n<tr>\n<td><strong>Top 10 Malware-Angriffe<\/strong><\/td>\n<td width=\"50%\"><strong>Top 10 Netzwerk-Angriffe<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Win32\/Heri<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1059160\" target=\"_blank\" rel=\"noopener\">WEB SQL injection attempt -33<\/a><\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"col-sm-9 topTenLabel\">Win32\/Heim.D<\/div>\n<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1133407\" target=\"_blank\" rel=\"noopener\">WEB Brute Force Login -1.1021<\/a><\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">Gen:Variant.Application.Graftor.291176<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1133451\" target=\"_blank\" rel=\"noopener\">WEB Cross-site Scripting -36<\/a><\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">malicious<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1054837\" target=\"_blank\" rel=\"noopener\">WEB Remote File Inclusion \/etc\/passwd<\/a><\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">Gen:Variant.Application.Hacktool.Mimikatz.1<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1056282\" target=\"_blank\" rel=\"noopener\">WEB Ruby on Rails Where Hash SQL Injection (CVE-2012-2695)<\/a><\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">Exploit.CVE-2017-11882.Gen<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1057664\" target=\"_blank\" rel=\"noopener\">WEB Nginx ngx_http_parse_chunked Buffer Overflow -1 (CVE-2013-2028)<\/a><\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">Gen:Variant.Razy.553929<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1055396\" target=\"_blank\" rel=\"noopener\">WEB Cross-site Scripting -9<\/a><\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">Gen:Variant.Adware.Ghokswa.4<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1130029\" target=\"_blank\" rel=\"noopener\">WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)<\/a><\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">Trojan.GenericKD.30649454<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1049802\" target=\"_blank\" rel=\"noopener\">WEB Directory Traversal -4<\/a><\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">\n<div class=\"col-sm-9 topTenLabel\">Luhe.Exploit.PDF.H<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td><a href=\"https:\/\/www.watchguard.com\/SecurityPortal\/ThreatDetail.aspx?rule_id=1133438\" target=\"_blank\" rel=\"noopener\">WEB-CLIENT Cisco WebEx Chrome Extension Remote Code Execution -1 (CVE-2017-3823)<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WatchGuards Threat Lab ist eine Gruppe von Bedrohungsforschern, die sich mit der Analyse und Aufbereitung der letzten Malware- und Netzwerk-Attacken besch\u00e4ftigen. Sie greifen dabei auf die Daten zur\u00fcck, die sie vom WatchGuard Firebox Feed bekommen, aber auch aus internen und externen Threat Intelligences und einem Forschungs-Honeynet. Daraus werden Analysen und praktische Sicherheitshinweise \u00fcber die gr\u00f6\u00dften Gefahren und Bedrohungen abgeleitet.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[445],"tags":[472],"class_list":["post-9399","post","type-post","status-publish","format-standard","hentry","category-aktuelle-nachrichten","tag-threat-landscape"],"_links":{"self":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/9399"}],"collection":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/comments?post=9399"}],"version-history":[{"count":2,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/9399\/revisions"}],"predecessor-version":[{"id":9405,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/9399\/revisions\/9405"}],"wp:attachment":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/media?parent=9399"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/categories?post=9399"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/tags?post=9399"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}