An analysis of malware trends in the second quarter shows that threats are becoming harder to detect.
Researchers said 91.5% of malware was delivered using HTTPS-encrypted connections in the second quarter, making attacks harder to detect.
WatchGuard Technologies’ latest report on findings in its remote working system, also shows that these findings mainly come from two malware families: AMSI.Disable. A, discovered for the first time first into Q1; and older malware called XML.JSLoader. Together, they make up more than 90% of detections over HTTPS and more than 12% of total detections, according to the report.
For its part, AMSI.Disable.A is a recently developed malware that uses PowerShell tools to bypass security protections.
“This family of malware uses PowerShell tools to exploit various vulnerabilities in Windows,” according to the company. “But what makes it especially interesting is its evasion technique. WatchGuard found that AMSI.Disable.A uses code that disables the Malware Scanning Interface (AMSI) in PowerShell, allowing it to pass script security checks without detection. ”
–
The report also notes that statistics show that any organization that does not test encrypted HTTPS traffic is failing to block 9 out of 10 malware infections.
“Unfortunately, not many administrators configure HTTPS inspection to look at these connections,” according to the report published Monday.
–
WatchGuard’s report also identified other malware trends during the quarter, including an increase in fileless threats, a category that AMSI.Disable.A also falls into. In just the first six months of 2021, malware detections originating from scripting tools like PowerShell reached 80% of the total number of script-initiated attacks last year. At the current rate, fileless malware detections in 2021 are on track to double in number compared to last year.
“The malicious PowerShell scripts were hidden in the computer’s memory and used legitimate tools, binaries, and libraries installed on most Windows systems,” the report explains. “That’s why attackers have increased their use of this technique, known as living off the land (LotL) attacks. By using these methods, a worm can make its script invisible to many anti-virus systems that do not examine the script or the system’s memory.
In terms of malware types, ransomware attacks are continuing strongly and are seeing a spike in volume of up to 150% this year compared to 2020.
“While total ransomware detections on endpoints were trending downward from 2018 to 2020, that trend broke in the first half of 2021,” according to the report.
This spike comes alongside findings from other security firms, including SonicWall, which in August showed the number of global attacks against ransomware increased 151% in the first six months of the year compared to the first half of the year. last year. The ransomware scourge caused a staggering 304.7 million attacks within SonicWall Capture Labs’ telemetry. To that end, the company recorded 304.6 million ransomware attacks in the entirety of 2020.
Vina Aspire is a consulting company, providing IT solutions and services, network security, information security & safety in Vietnam. Vina Aspire’s team includes skilled, qualified, experienced and reputable experts and collaborators, along with major domestic and foreign investors and partners to join hands in building.
Businesses and organizations wishing to contact Vina Aspire Company with the following information:
Email: info@vina-aspire.com | Website: www.vina-aspire.com
Tel: +84 944 004 666 | Fax: +84 28 3535 0668
Vina Aspire – Vững bảo mật, trọn niềm tin
