Fileless malware attacks surge while ransomware declines
Fileless malware attacks were up nearly 900 percent in 2020 and cryptominers grew by 25 percent, but ransomware payloads dropped by 48 percent compared with 2019.
These are the findings of the latest internet security report from WatchGuard Technologies, which is based on endpoint threat intelligence following WatchGuard's acquisition of Panda Security in June 2020.
"The rise in sophisticated, evasive threat tactics last quarter and throughout 2020 showcases how vital it is to implement layered, end-to-end security protections," says Corey Nachreiner, chief technology officer at WatchGuard. "The attacks are coming on all fronts, as cyber criminals increasingly leverage fileless malware, cryptominers, encrypted attacks and more, and target users both at remote locations as well as corporate assets behind the traditional network perimeter. Effective security today means prioritizing endpoint detection and response, network defenses and foundational precautions such as security awareness training and strict patch management."
Fileless attacks are particularly dangerous due to their ability to evade detection by traditional endpoint protection clients and because they can succeed without victims doing anything beyond clicking a malicious link or unknowingly visiting a compromised website. Toolkits like PowerSploit and Cobalt Strike allow threat actors to easily inject malicious code into other running processes and remain operational even if the victim's defenses identify and remove the original script.
The report also shows that Q4 2020 brought a 41 percent increase in encrypted malware detections over the previous quarter, and network attacks hit their highest levels since 2018. 47 percent of all attacks WatchGuard detected at the network perimeter in Q4 were encrypted. In addition, malware delivered via HTTPS connections increased by 41 percent, while encrypted zero-day malware grew by 22 percent over Q3.
The Linux.Generic virus (also known as 'The Moon'), which directly targets IoT and consumer network devices, made it to WatchGuard's list of top 10 malware detections for the first time. Total network attack detections also grew by five percent in Q4, reaching their highest level in over two years.
You can get the full report from the WatchGuard site.