Internet Security Report: Fileless Malware on the Rise, Defenses Failing

Seventy-five percent of malware is going undetected by “traditional malware solutions,” according to a new report. And 74% of threats detected in the last quarter were zero-day malware, an all-time high, according to the researchers.

The report, the Internet Security Report for Q1 2021 from WatchGuard Technologies, found that malicious scripts are delivering fileless malware in the form of an XML external entity. The most widespread was XML.JSLoader, which made the top 10 for the first time in the first quarter of 2021. According to researchers: “The sample WatchGuard identified uses an XML external entity (XXE) attack to open a shell to run commands to bypass the local PowerShell execution policy and runs in a non-interactive way, hidden from the actual user or victim. This is another example of the rising prevalence of fileless malware and the need for advanced endpoint detection and response capabilities.”

A ransomware loader called Zmutzy made the top 2 in Q1. It manifests as a disguised email attachment. According to the researchers: “Associated with Nibiru ransomware specifically, victims encounter this threat as a zipped file attachment to an email or a download from a malicious website. Running the zip file downloads an executable, which to the victim appears to be a legitimate PDF. Attackers used a comma instead of a period in the file name and a manually adjusted icon to pass the malicious zip file off as a PDF. This type of attack highlights the importance of phishing education and training, as well as implementing back-up solutions in the event that a variant like this unleashes a ransomware infection.”

The report highlighted a number of other trends in malware and network attacks as well.

  • Half of the top-10 malware families by volume were new to the top-10, including Ursu, Trojan.IFrame, XML.JSLoader, Zmutzy, and Zum.Androm;

  • Encrypted connections saw less zero-day malware (60.3%) than the overall average (74%);

  • Network attacks reached a three-year high during the first quarter, at 4.2 million Intrusion Prevention Service (IPS) hits on Firebox appliances;

  • More than 5 million malicious domains were blocked by DNSWatch in the quarter, a 281% increase over Q4 2020.

  • Exploits against ProxyLogin Exchange Server flaws increased 1,600%.

A complete report and executive summary can be downloaded here. An infographic with highlights from the report can be accessed here.

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • sunlit classroom with laptops on every desk, each displaying a glowing AI speech bubble icon above the screen

    Copilot Chat and Microsoft 365 Copilot to Become Available for Teen Students

    This summer, Microsoft is expanding availability of its Copilot Chat and Microsoft 365 Copilot products for students aged 13 and older. Administrators will be able to grant access for students based on their institution's plans and preferences, the company announced in a blog post.

  • AI-powered individual working calmly on one side and a burnt-out person slumped over a laptop on the other

    AI's Productivity Gains Come at a Cost

    A recent academic study found that as companies adopt AI tools, they're not just streamlining workflows — they're piling on new demands. Researchers determined that "AI technostress" is driving burnout and disrupting personal lives, even as organizations hail productivity gains.

  • students using digital devices, surrounded by abstract AI motifs and soft geometric design

    Ed Tech Startup Kira Launches AI-Native Learning Platform

    A new K-12 learning platform aims to bring personalized education to every student. Kira, one of the latest ed tech ventures from Andrew Ng, former director of Stanford's AI Lab and co-founder of Coursera and DeepLearning.AI, "integrates artificial intelligence directly into every educational workflow — from lesson planning and instruction to grading, intervention, and reporting," according to a news announcement.

  • teenager’s study desk with a laptop displaying an AI symbol, surrounded by books, headphones, a notebook, and a cup of colorful pencils

    Student AI Use on the Rise, Survey Finds

    Ninety-three percent of students across the United States have used AI at least once or twice for school-related purposes, according to the latest AI in Education report from Microsoft.