A new report analyzing malware trends in the second quarter of 2021 shows that cyber threats are becoming stealthier, with a massive increase in fileless and encrypted malware.
Encrypted Malware Gains Even More Popularity
According to a new report from WatchGuard Technologies, attacks are becoming more evasive, with a jaw-dropping 91.5% of malware being delivered through HTTPS-encrypted connections.
The team analyzed the second quarter’s malware trends and found that these detections originate mainly from two families: AMSI.Disable.A, which was first spotted in Q1, and the older XML.JSLoader. Combined, they are responsible for 90% of detections over HTTPS and over 12% of total malware detections.
AMSI.Disable.A is a relatively new malware family that uses PowerShell tools to circumvent defenses.
“This malware family uses PowerShell tools to exploit various vulnerabilities in Windows,” according to the firm. “But what makes it especially interesting is its evasive technique. WatchGuard found that AMSI.Disable.A wields code capable of disabling the Antimalware Scan Interface (AMSI) in PowerShell, allowing it to bypass script security checks with its malware payload undetected.”
Researchers also noted that, according to these figures, any organization that doesn’t thoroughly analyze encrypted HTTPS traffic is unable to block nine out of ten malware infection attempts.
“Unfortunately, not many administrators configure HTTPS inspection to peer into these connections,” according to the report, released Monday. “The ramifications of this lack of visibility are even more serious this quarter.”
The report also identified other malware trends, such as an increase in fileless threats. In the first half of 2021, detections coming from scripting engines like PowerShell had already hit 80% of last year’s total script-initiated attack volume. At this rate, fileless malware is expected to double in volume compared to 2020.
“When looking at threats that make it to the endpoint, script-based attacks, which often evade certain antivirus (AV) products, already have reached 80 percent of last year’s total. At this rate, they are sure to overtake last year’s record. We’ve also seen a marked increase in ransomware.”
“Malicious PowerShell scripts have been known to hide in the memory of the computer and already use legitimate tools, binaries, and libraries that come installed on most Windows systems,” explained the report. “That is why attackers have increased their use of this technique, called living off the land (LotL) attacks. Using these methods, a vaporworm might make its script invisible to many antivirus systems that don’t inspect the scripts or systems’ memory.”
Ransomware Is On The Rise
WatchGuard’s researchers noted that ransomware attacks will continue to grow in terms of types of malware and are set to see a volume spike of as much as 150% this year compared to last year.
“While total ransomware detections on the endpoint were on a downward trajectory from 2018 through 2020, that trend broke in the first half of 2021, as the six-month total finished just shy of the full-year total for 2020,” according to the report.
The upcoming spike is confirmed by findings from other security firms, such as SonicWall, which in August found that global ransomware attack volume had increased by 151% for the first six months of the year compared with the same half a year earlier. In hard numbers, the ransomware wave hit an astonishing 304.7 million attempted attacks within SonicWall Capture Labs’ telemetry. To put that into perspective, the security firm spotted 304.6 million ransomware attempts over the course of 2020.
“In the first half of 2021, our ransomware detections have fallen just short of 2020’s full year detections. If this trend continues without additional growth, the 2021 ransomware total will reach at least 150 percent of last year.”
Threatpost Encrypted & Fileless Malware Sees Big Growth
WatchGuard Internet Security Report – Q2 2021