Fileless malware attacks were up nearly 900 percent in 2020 and cryptominers grew by 25 percent, but ransomware payloads dropped by 48 percent compared with 2019.
The attacks are coming on all fronts, as cyber criminals increasingly leverage fileless malware, cryptominers, encrypted attacks and more, and target both users at remote locations and corporate assets behind the traditional network perimeter. Effective security today means prioritizing endpoint detection and response, network defenses and foundational precautions such as security awareness training and strict patch management.
Fileless attacks are particularly dangerous because they can evade detection by traditional endpoint protection clients and can succeed without victims doing anything beyond clicking a malicious link or unknowingly visiting a compromised website. Toolkits like PowerSploit and Cobalt Strike allow threat actors to easily inject malicious code into other running processes and remain operational even if the victim’s defenses identify and remove the original script.
The report also shows that Q4 2020 brought a 41 percent increase in encrypted malware detections over the previous quarter and that network attacks hit their highest levels since 2018. Of all attacks detected at the network perimeter in Q4, 47 percent were encrypted. In addition, malware delivered via HTTPS connections increased by 41 percent, while encrypted zero-day malware grew by 22 percent over Q3.
The Linux.Generic virus (also known as ‘The Moon’), which directly targets IoT and consumer network devices, made it onto WatchGuard’s list of top 10 malware detections for the first time. Total network attack detections also grew by five percent in Q4, reaching their highest level in over two years.