SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Fileless attacks surge as attackers look to boost ROI
Fri, 30th Aug 2019

Fileless attacks have skyrocketed 265% this year compared to the first half of 2018, and there's no sign that they will slow down.

Trend Micro's Evasive Threats, Pervasive Effects: 2019 Midyear Security Roundup report indicates that attackers are targeting victims that could provide the greatest return on investment – namely businesses and other profitable environments.

In total, Trend Micro blocked more than 26.8 billion threats in the first half of 2019, which is an increase of more than 6 billion compared to the same period last year. Of note, 91% of these threats entered the corporate network via email.

Attackers are also commonly deploying threats that can't be picked up by traditional security filters. This is because those threats can be executed in a system's memory, reside in the registry, or abuse legitimate tools.

“So-called fileless threats are not as visible as traditional malware since these typically do not write to disk, are usually executed in a system's memory, reside in the registry, or misuse normally whitelisted tools like PowerShell, PsExec, or Windows Management Instrumentation,” the report notes.

Exploit kits have also risen 136% compared to the same time in 2018.

"Sophistication and stealth is the name of the cybersecurity game today, as corporate technology and criminal attacks become more connected and smarter," says Trend Micro's director of global threat communications, Jon Clay.

"From attackers, we saw intentional, targeted, and crafty attacks that stealthily take advantage of people, processes and technology. However, on the business side, digital transformation and cloud migrations are expanding and evolving the corporate attack surface. To navigate this evolution, businesses need a technology partner that can combine human expertise with advanced security technologies to better detect, correlate, respond to, and remediate threats."

Cryptomining malware remains a prevalent threat this year, as attackers deploy these threats on servers and in cloud environments.

The number of routers involved in possible inbound attacks also increased 64% compared to the first half of 2018, with more Mirai variants searching for exposed devices.

Digital extortion attempts surged 319% compared to the second half of 2018. Business email compromise (BEC) scams remain a major threat, with detections jumping 52% compared to the past six months. Ransomware-related files, emails and URLs also grew 77% over the same period.

Trend Micro says that mitigating these advanced threats requires smart defense-in-depth that can correlate data from across gateways, networks, servers and endpoints to best identify and stop attacks.