Encrypted & Fileless Malware Sees Big Growth

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,115
A full 91.5 percent of malware was delivered using HTTPS-encrypted connections in the second quarter, researchers said, making attacks more evasive.

That’s according to WatchGuard Technologies’ latest report on findings within its telemetry, which also found that these detections come primarily from two malware families: AMSI.Disable.A ,which was first spotted in Q1; and the older malware known as XML.JSLoader. Together these make up more than 90 percent of detections over HTTPS and more than 12 percent of total detections, according to the report.

For its part, AMSI.Disable.A is a recently developed malware that uses PowerShell tools to bypass security protections.
“This malware family uses PowerShell tools to exploit various vulnerabilities in Windows,” according to the firm. “But what makes it especially interesting is its evasive technique. WatchGuard found that AMSI.Disable.A wields code capable of disabling the Antimalware Scan Interface (AMSI) in PowerShell, allowing it to bypass script security checks with its malware payload undetected.”

The report also noted that the stats mean that any organization that is not examining encrypted HTTPS traffic at the perimeter is missing blocking nine out of 10 malware infection attempts.
“Unfortunately, not many administrators configure HTTPS inspection to peer into these connections,” according to the report, issued Monday. “The ramifications of this lack of visibility are even more serious this quarter.”
WatchGuard-known-malware-1024x376.png

Source: WatchGuard.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top