Encrypted & Fileless Malware Sees Big Growth


Aug 17, 2014
A full 91.5 percent of malware was delivered using HTTPS-encrypted connections in the second quarter, researchers said, making attacks more evasive.

That’s according to WatchGuard Technologies’ latest report on findings within its telemetry, which also found that these HTTPS-delivered detections come primarily from two malware families: AMSI.Disable.A, which was first spotted in Q1; and the older malware known as XML.JSLoader. Together these make up more than 90 percent of detections over HTTPS and more than 12 percent of total detections, according to the report.

For its part, AMSI.Disable.A is a recently developed malware that uses PowerShell tools to bypass security protections.
“This malware family uses PowerShell tools to exploit various vulnerabilities in Windows,” according to the firm. “But what makes it especially interesting is its evasive technique. WatchGuard found that AMSI.Disable.A wields code capable of disabling the Antimalware Scan Interface (AMSI) in PowerShell, allowing it to bypass script security checks with its malware payload undetected.”
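Disabling AMSI from inside PowerShell leaves a trace in PowerShell script-block logging (Event ID 4104), which records the script text even when the payload arrived over an encrypted connection. The following is an added example, not code from the Threatpost article or from WatchGuard: it scans constructed script-block log records for the publicly documented strings used to tamper with AMSI (the `AmsiUtils` class and its `amsiInitFailed` field, the `AmsiScanBuffer` export of `amsi.dll`), collapsing common string-splitting obfuscation first. The indicator list and the log format are assumptions; the report does not say which exact technique AMSI.Disable.A uses.

```python
"""Flag PowerShell script-block log records that look like AMSI tampering.

Added example, not part of the article or the WatchGuard report. The
indicator strings are well-known public AMSI-bypass artefacts; that
AMSI.Disable.A uses these exact strings is an assumption.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Substrings seen in public AMSI-bypass one-liners (assumed indicators, lower-case).
AMSI_INDICATORS = (
    "amsiutils",
    "amsiinitfailed",
    "amsiscanbuffer",
    "amsicontext",
    "amsi.dll",
)

# Obfuscated scripts often split an indicator across concatenated string
# literals or backtick escapes; strip quotes, backticks, '+' and whitespace
# so that 'Amsi'+'Utils' and "Am`siUt`ils" both collapse to amsiutils.
_NOISE = re.compile(r"['\"`+\s]")


@dataclass
class Finding:
    record_id: int
    indicator: str
    snippet: str  # first 80 chars of the original script text, for the analyst


def normalise(script_text: str) -> str:
    """Collapse trivial string obfuscation and case before matching."""
    return _NOISE.sub("", script_text).lower()


def scan_script_block(record_id: int, script_text: str) -> list[Finding]:
    """Return one Finding per AMSI indicator present in a 4104 ScriptBlockText."""
    norm = normalise(script_text)
    return [
        Finding(record_id, ind, script_text[:80])
        for ind in AMSI_INDICATORS
        if ind in norm
    ]


def scan_log(records: list[tuple[int, str]]) -> dict[int, list[str]]:
    """Map record id -> matched indicators for every record that hit."""
    hits: dict[int, list[str]] = {}
    for rid, text in records:
        findings = scan_script_block(rid, text)
        if findings:
            hits[rid] = [f.indicator for f in findings]
    return hits


# Constructed sample records (record id, ScriptBlockText); not real telemetry.
SAMPLE_SCRIPT_BLOCKS: list[tuple[int, str]] = [
    (101, "Get-ChildItem C:\\Users | Where-Object { $_.Name -like 'a*' }"),
    (102, "$t=[Ref].Assembly.GetType('System.Management.Automation.'+'AmsiUtils')"),
    (103, "$t.GetField('amsi'+'Init'+'Failed','NonPublic,Static')"),
    (104, "Invoke-RestMethod -Uri https://example.invalid/update.json"),
    (105, '"Am`siUt`ils"'),
]


if __name__ == "__main__":
    for rid, indicators in scan_log(SAMPLE_SCRIPT_BLOCKS).items():
        print(f"record {rid}: AMSI tampering indicators {indicators}")
```

Records 102, 103 and 105 are flagged; the benign listing and the plain web request are not. In production the same function would run over the `ScriptBlockText` field of forwarded 4104 events, and a hit should be escalated rather than auto-blocked, since legitimate security tooling occasionally references the same names.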

The report also noted that, given these figures, any organization that is not inspecting encrypted HTTPS traffic at the perimeter is failing to block nine out of 10 malware infection attempts.
“Unfortunately, not many administrators configure HTTPS inspection to peer into these connections,” according to the report, issued Monday. “The ramifications of this lack of visibility are even more serious this quarter.”

Source: WatchGuard.