According to network security vendor WatchGuard Technologies' Internet Security Report, fileless malware detections increased 888 percent year-on-year in 2020.
Hackers turned to fileless malware to conduct attacks without installing malicious code, which lets them hide from traditional security controls.
Popular toolkits such as PowerSploit and Cobalt Strike allow cybercriminals to inject malicious code into running processes, which means that the code remains operational even if the original script is identified and removed.
Hackers are also using encryption to hide their malicious activity. According to WatchGuard, 47 percent of attacks detected at the network perimeter in the fourth quarter were encrypted.
In addition, malware delivered via HTTPS increased 41 percent and encrypted zero-day variants increased 22 percent over the third quarter.
Network attack detections increased five percent in the fourth quarter to the highest level in two years. Total unique attack signatures also increased four percent in the fourth quarter of 2020.
With the value of digital currency on the rise, 25 percent more cryptocurrency mining malware was detected in 2020 than in 2019.
Ransomware, however, declined for the second year in a row, from an all-time high of 5489 unique payloads in 2018 to 2152 unique payloads in 2020. Even so, WatchGuard stated that these variants likely infected hundreds of thousands of endpoints globally.
WatchGuard Technologies used data from its Firebox Feed, internal and partner threat intelligence, and a research honeynet for the report.
Phil Muncaster, "Fileless Malware Detections Soar 900 Percent in 2020," infosecurity-magazine.com (Mar. 30, 2021).