Reader Comments

Fileless Malware Detections Soar 900% in 2021:

by grace edens (2022-01-21)

The increase in sophisticated, defensive threats that occurred in the quarter, and through 2020, shows the necessity to create layered, complete security safeguards, "The attacks are occurring everywhere as cyber criminals are increasingly employ cybercriminals that use fileless malware, cryptominers encrypted attacks and many more as well as target users in remote locations and corporate assets that are not within the traditional security perimeter. Effective security today requires the highest priority for the detection and response of endpoints to network security, as well as fundamental security measures like security awareness training as well as strict patches management.

The Webroot Internet Security Reports inform businesses as well as their partners and customers of the most recent malware attacks, endpoints and network trends that are emerging. Some of the key findings from this Q4 2020 reports include:

  • Attacks on malware that are fileless explode The rate of malware infection that was Fileless in 2020 jumped by 888% over the previous year. They can be especially dangerous because of their ability to avoid detection by traditional security clients and due to the fact that they could be successful without the victims having to do anything other than clicking on a malicious link or by accident accessing a compromised site. Toolkits such as PowerSploit and CobaltStrike permit attackers to effortlessly introduce malicious code into running processes , and continue to operate regardless of whether the victim's defenses recognize and take down the original program. Implementing endpoint detection and response solutions in conjunction with preventative anti-malware will aid in identifying these threat actors.

  • Cryptominers rising following the 2019 slump Following the fact that virtually all cryptocurrency prices plummeted in the beginning of 2018, cryptominer attacks decreased in frequency and slowed to 633 distinct variants of detection in the year 2019. However, hackers continued the process of adding cryptominer malware to botnets already infected and make passive revenue from victims, while also utilizing their networks for various cyber-crimes. This is why and as prices continue to trend upwards again in Q4 of 2020, the number of cryptominer malware-related detections increased up to 25% more than levels in 2019, reaching 885 unique variants in the year.

  • The number of ransomware attacks continues to decrease for the second consecutive year the number of distinct ransomware payloads slowed down in 2020, dropping down to 2,152 payloads unique, down from 4,131 in 2019 , and the record-setting 5,489 in the year before. These numbers represent specific versions of ransomware which could be affecting thousands or hundreds of computers around the world. Most of these alerts came from signatures first developed in 2017 to identify WannaCry and its associated variants. This shows that ransomware strategies are still in full force three years since WannaCry was first introduced to the market. The constant reduction in ransomware's volume is indicative of the continued shift of the attackers away from their unfocused large-scale attacks of the past to specific attacks targeting manufacturing firms, healthcare companies and other targets for whom the downtime of a victim is not acceptable.

  • encrypted, evasive malware attacks experience double-digit growth - Despite it being an eighth consecutive quarter of declining malware volume, more than half (47 percent) of the attacks Webroot discovered on the network's perimeter during Q4 were encrypted. Furthermore, malware distributed through HTTPS connections increased by 41% and zero-day malware that was encrypted (variants which bypass antivirus signatures) was up by 22% compared to Q3.

  • Botnet malware targeted at IoT routers and devices becomes the top-rated threat In the fourth quarter of 2014, this Linux.Generic virus (also called "The moon") has made its debut on the Webroot list of the top 10 malware-related detections. This malware is part a server network which directly target IoT devices as well as consumer grade routers and network devices to exploit vulnerabilities that are not closed. Webroot research revealed specific malware for Linux designed for ARM processors as well as another payload specifically designed for MIPS processors inside the infrastructure of the attacker, which indicates that the attackers are focused on evasive attacks on IoT devices.

  • SolarWinds's security breach demonstrates the dangers that supply chain attacks - The complex attack, which is believed to be state-sponsored, on the Solar Winds supply chain breach is likely to have a wide-ranging impact on the industry of security for the next few years. The effects of this breach went beyond Solar Winds to over 100 companies, which includes some significant Fortune 500s, large security firms, and even that of the US government. Webroot thorough breakdown of the incident highlights the importance of protecting against supply chain attack in the current digitally connected environment.

  • A new trojan that dupes email scanners using multi-payload approaches - Script.1026663 was added to Webroot top five malware detection in the fourth quarter of this year. The attack starts with an email that asks the victims to read an order list attached. The document triggers a string of payloads and malicious codes which eventually lead the victim's computer to launch the final attack, which is The keylogger and the Agent Tesla Remote Access Trojan (RAT) as well as a keylogger.

  • The volume of attacks on networks is approaching the its peak in 2018 The total number of attacks on networks increased by 5% during Q4 which surpassed their highest point in more than two years. Furthermore, the number of unique signatures of network attacks also showed steady growth with an increase of 4% over the previous quarter. This suggests that even though our world operates via remote and the perimeter of corporate networks is still active as threats continue to target assets on premises.

Critical Literacy: Theories and Practices is a non-commercial initiative committed to the ethical dissemination of academic research and educational thinking. CLTP acknowledges the thoughtful dedication of authors, editors and reviewers to develop and promote this open journal initiative. The journal receives copy-editing sponsorship from the Faculty of Education at the University of Oulu, Finland. CLTP has previously received  copy editing support from the Centre for the Study of Social and Global Justice at the University of Nottingham, UK.