Fileless Malware Detections Soar 265% in 2019


Fileless malware, BEC, digital extortion and ransomware attacks all grew significantly between 2018 and the first six months of this year, according to new data from Trend Micro.

The security giant blocked over 26.8 billion threats in the first half of the year, over 90% of which were email-borne, according to its mid-year roundup report, Evasive Threats, Pervasive Effects.

Of these detections, it spotted a massive 265% year-on-year increase in fileless techniques designed to stay hidden from traditional tools, by executing in a system’s memory, residing in the registry, or abusing legitimate tools.

Although cryptocurrency mining was the most detected threat in 1H 2019, the more eye-catching growth in detection went to digital extortion attempts, which jumped 319% from the second half of 2018, and BEC, which increased 52% over the same period.

Ransomware is also back on the rise, with related files, emails and URLs recording a 77% increase on the previous six months.

Although the number of new ransomware families dropped by 55% over the period, there were concerning signs of existing variants containing destructive capabilities beyond file encryption.

Ryuk can prevent infected systems from even rebooting, for example, while LockerGoga also modifies user account passwords. Some, such as BitPaymer, use fileless techniques such as abuse of the common PsExec tool.

One surprise from the report was the re-emergence of exploit kits, which recorded a 136% increase compared to the first half of 2018, although the volume of detections at 321,000 is far below the peak activity observed three or four years ago.

These have also been observed in conjunction with fileless techniques.

“One notable exploit kit from the first half of 2019 was Greenflash Sundown, which was used by the ShadowGate campaign through an upgraded version capable of living off the land, that is, using an updated PowerShell loader to filelessly execute the payload,” the report explained.
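The three fileless patterns the report singles out (execution in memory via a PowerShell loader, persistence that lives in the registry rather than on disk, and abuse of a legitimate tool such as PsExec) all leave a trace in process-creation telemetry even when no malicious file is ever written. The detector below, added here as an illustration and not taken from Trend Micro or the report, runs three simple rules over constructed process-creation events. The `pid=… image=… cmdline=…` line layout, the rule names and every sample event are assumptions made for this example; real endpoint logs (Sysmon event 4688/event ID 1, EDR process events) carry the same fields under different names.

```python
"""Added example: flag process-creation events that match the fileless
patterns described above (in-memory PowerShell execution, registry-resident
autorun persistence, PsExec-style remote execution).

Log format, rule names and sample events are constructed for this example;
they are not from Trend Micro's report or any real incident.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed process-creation events, one per line: pid, image path, command line.
# Image paths contain no spaces in this sample; a real parser would quote them.
SAMPLE_LOG = r"""
pid=4120 image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmdline=powershell.exe -nop -w hidden -enc QQBBAEEA
pid=4188 image=C:\Windows\System32\reg.exe cmdline=reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /d "powershell.exe -w hidden -enc QQBBAEEA"
pid=4201 image=C:\Tools\PsExec.exe cmdline=PsExec.exe \\FILESRV01 -s cmd.exe /c whoami
pid=4300 image=C:\Windows\System32\notepad.exe cmdline=notepad.exe C:\Users\alice\notes.txt
pid=4310 image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmdline=powershell.exe Get-ChildItem C:\Temp
"""

LINE_RE = re.compile(r"pid=(\d+)\s+image=(\S+)\s+cmdline=(.*)")

# Rule 1: PowerShell launched with arguments typical of an in-memory loader
# (encoded command, hidden window, Invoke-Expression, download-to-string).
SUSPICIOUS_PS_ARGS = re.compile(
    r"(?:-enc(?:odedcommand)?\b|-w(?:indowstyle)?\s+hidden|\biex\b|Invoke-Expression|DownloadString)",
    re.I,
)

# Rule 2: a Run/RunOnce autorun value whose data invokes a script host,
# i.e. persistence that lives in the registry rather than as a file on disk.
RUN_KEY_SCRIPT = re.compile(
    r"\\CurrentVersion\\Run(?:Once)?\b.*\b(?:powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32)\b",
    re.I,
)

# Rule 3: PsExec (or its PSEXESVC service) used for remote execution.
PSEXEC_IMAGES = {"psexec.exe", "psexec64.exe"}
PSEXEC_SERVICE = re.compile(r"psexesvc", re.I)


@dataclass
class Finding:
    pid: int
    rule: str
    cmdline: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(log_text: str) -> List[Finding]:
    """Apply the three fileless rules to every parseable event in log_text."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or malformed line
        pid, image, cmdline = int(m.group(1)), m.group(2), m.group(3)
        name = basename(image)
        if name in {"powershell.exe", "pwsh.exe"} and SUSPICIOUS_PS_ARGS.search(cmdline):
            findings.append(Finding(pid, "in-memory-powershell", cmdline))
        if name == "reg.exe" and RUN_KEY_SCRIPT.search(cmdline):
            findings.append(Finding(pid, "registry-resident-autorun", cmdline))
        if name in PSEXEC_IMAGES or PSEXEC_SERVICE.search(cmdline):
            findings.append(Finding(pid, "psexec-lateral-execution", cmdline))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"pid {f.pid}: {f.rule}: {f.cmdline}")
```

Run against the constructed sample, the first three events each produce one finding and the two benign ones (Notepad, an ordinary `Get-ChildItem`) produce none. The rules are deliberately narrow string matches; in production they would be tuned against the environment's own baseline of PowerShell and PsExec use, since administrators use both legitimately and that is exactly why attackers abuse them.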

The volume of threats blocked by Trend Micro in the first half of 2019 increased by around six billion from the same time last year, which could signal either a ramp-up in cybercrime activity or improved detection.
