Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Fileless Malware Detections Soar 265% in 2019

Fileless malware, BEC, digital extortion and ransomware attacks all grew significantly between 2018 and the first six months of this year, according to new data from Trend Micro.

The security giant blocked over 26.8 billion threats in the first half of the year, over 90% of which were email-borne, according to its mid-year roundup report, Evasive Threats, Pervasive Effects.

Of these detections, it spotted a massive 265% year-on-year increase in fileless techniques designed to stay hidden from traditional tools, by executing in a system’s memory, residing in the registry, or abusing legitimate tools.

Although cryptocurrency mining was the most detected threat in 1H 2019, the more eye-catching growth in detection went to digital extortion attempts, which jumped 319% from the second half of 2018, and BEC, which increased 52% over the same period.

Ransomware is also back on the rise: with related files, emails and URLs recording a 77% increase on the previous six months.

Although the number of new ransomware families dropped by 55% over the period, there were concerning signs of existing variants containing destructive capabilities beyond file encryption.

Ryuk can prevent infected systems from even rebooting, for example, while LockerGoga also modifies user account passwords. Some, such as BitPaymer, use fileless techniques such as abuse of the common PsExec tool.

One surprise from the report was the re-emergence of exploit kits, which recorded a 136% increase compared to the first half of 2018, although the volume of detections at 321,000 is far below the peak activity observed three or four years ago.

These have also been observed in conjunction with fileless techniques.

“One notable exploit kit from the first half of 2019 was Greenflash Sundown, which was used by the ShadowGate campaign through an upgraded version capable of living off the land, that is, using an updated PowerShell loader to filelessly execute the payload,” the report explained.

The volume of threats blocked by Trend Micro in the first half of 2019 increased by around six billion from the same time last year, which could signal either a ramp-up in cybercrime activity or improved detection.

What’s Hot on Infosecurity Magazine?