Fileless Malware Detections Soar 900% in 2020

Detections of fileless malware soared by nearly 900% year-on-year in 2020 as threat actors worked hard to stay hidden from traditional security controls, according to Watchguard Technologies.

The network security vendor compiled its latest Internet Security Report based on data from its Firebox Feed, internal and partner threat intelligence including endpoint data from recently acquired Panda Security, and a research honeynet.

Fileless malware rates surged by 888% over the year as attackers sought to fly under the radar of many endpoint protection products by conducting attacks without installing malicious code on disk.

Toolkits such as PowerSploit and Cobalt Strike were particularly popular because they let attackers inject malicious code into running processes, so that even if the original script is identified and removed, the injected code remains operational.

Another way for attackers to hide their intent is through encryption. Watchguard claimed that nearly half (47%) of all attacks it detected at the network perimeter in Q4 were encrypted, while malware delivered via HTTPS increased 41% and encrypted zero-day variants surged 22% over Q3.

The network perimeter itself continues to be a major target for attack, despite the shift to mass remote working: total network attack detections grew 5% in Q4 to reach their highest level in two years, while total unique attack signatures increased 4% over the previous quarter.

Elsewhere, the vendor detected 25% more cryptocurrency mining malware in 2020 over 2019 levels, thanks to the rising value of digital currency.

Interestingly, ransomware attack volumes continued to shrink for the second year in a row as cyber-criminals focused on fewer, high-value targets. From an all-time high of 5489 unique payloads in 2018, the figure for 2020 was down to 2152.

However, these variants may still have infected hundreds of thousands of endpoints worldwide, Watchguard claimed.

“The rise in sophisticated, evasive threat tactics last quarter and throughout 2020 shows how vital it is to implement layered, end-to-end security protections,” said Corey Nachreiner, CTO at WatchGuard.

“The attacks are coming on all fronts, as cyber-criminals increasingly leverage fileless malware, crypto-miners, encrypted attacks and more, and target users both at remote locations as well as corporate assets behind the traditional network perimeter. Effective security today means prioritizing endpoint detection and response, network defences and foundational precautions such as security awareness training and strict patch management.”