
Why Is Fileless Malware Surging?

According to network security vendor Watchguard Technologies' Internet Security Report, fileless malware detections increased 888 percent year-on-year in 2020.

Hackers have turned to fileless malware to conduct attacks without installing malicious code, which lets them hide from traditional security controls.

Popular toolkits such as PowerSploit and CobaltStrike allow cybercriminals to inject malicious code into running processes, which means that the code remains operational even if the original script is identified and removed.

Hackers are also using encryption to hide their malicious activity. According to Watchguard, 47 percent of attacks detected at the network perimeter in the fourth quarter were encrypted.

In addition, malware delivered via HTTPS increased 41 percent and encrypted zero-day variants increased 22 percent over the third quarter.

Network attack detections increased five percent in the fourth quarter to the highest level in two years. Total unique attack signatures also increased four percent in the fourth quarter of 2020.

With the value of digital currency on the rise, 25 percent more cryptocurrency mining malware was detected in 2020 than in 2019.

Ransomware, however, declined for the second year in a row, from an all-time high of 5489 unique payloads in 2018 to 2152 unique payloads in 2020. Even so, Watchguard stated that these variants likely infected hundreds of thousands of endpoints globally.

Watchguard Technologies used data from its Firebox Feed, internal and partner threat intelligence, and a research honeynet for the report. Phil Muncaster "Fileless Malware Detections Soar 900 Percent in 2020" infosecurity-magazine.com (Mar. 30, 2021).

Commentary

Unlike a traditional malware attack, fileless malware does not rely on executable files to spread. Instead, it takes advantage of legitimate tools that are part of the operating system.

Fileless malware uses trusted processes, such as Microsoft Office macros, PowerShell, and WMI, to perform malicious activities including lateral movement, privilege escalation, evasion, reconnaissance, and payload delivery. Allie Mellen “Fileless Malware 101: Understanding Non-Malware Attacks” www.cybereason.com (Sep. 17, 2019).

Fileless malware creates more problems for employers by spreading easily and causing more damage through its ability to hide from antivirus protections. Detecting and preventing fileless malware is challenging because hackers hijack tools that they know are pre-installed on every Windows device and are part of the daily workflow.

Because there is no executable, there is no signature for antivirus software to detect. As far as virus protections are concerned, trusted tools are running as they should. As a result, fileless malware attacks are becoming more prevalent.
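
Because there is no file signature to match, defenders look at how trusted tools are launched instead. The following sketch is an added example, not part of the original article or of any vendor's product: it applies three behavioral rules to process-creation events for the tools named above (Office, PowerShell, WMI). The event field names and the sample events are constructed for illustration.

```python
import ntpath
import re

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
SCRIPT_HOSTS = POWERSHELL | {"cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# -e / -ec / -en / -enc / -EncodedCommand followed by a long base64-looking argument
ENCODED = re.compile(r"\s-(e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)


def name(path):
    """Lower-cased file name of a Windows path, regardless of host OS."""
    return ntpath.basename(path).lower()


def classify(event):
    """Return the behavioral rules that one process-creation event trips."""
    parent, child = name(event["parent"]), name(event["image"])
    hits = []
    if parent in OFFICE and child in SCRIPT_HOSTS:
        hits.append("office-spawns-script-host")
    if parent == "wmiprvse.exe" and child in SCRIPT_HOSTS:
        hits.append("wmi-spawns-script-host")
    if child in POWERSHELL and ENCODED.search(event["cmd"]):
        hits.append("powershell-encoded-command")
    return hits


# Constructed events; the field names are an assumption of this example.
BLOB = "QUJD" * 10  # harmless base64 filler, not a real payload
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": WORD,
     "cmd": "WINWORD.EXE /n report.docx"},
    {"parent": WORD, "image": PS,
     "cmd": "powershell.exe -NoProfile -enc " + BLOB},
    {"parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe", "image": PS,
     "cmd": "powershell.exe -File C:\\Scripts\\inventory.ps1"},
    {"parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmd": "powershell.exe -ExecutionPolicy Bypass -File build.ps1"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(name(ev["image"]), classify(ev) or "no rule hit")
```

A rule hit is a lead for triage, not a verdict: administrators also launch PowerShell through WMI, so hits need to be weighed against what is normal in the environment.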
