Fileless phishing
attacks designed to disguise malicious intent surged by 265% in the first half of this year compared to the same period in 2018, according to Evasive Threats, Pervasive Effects, a study by security
firm Trend Micro.
These threat actors have been “increasingly ‘living off the land,’ or abusing legitimate system administration and penetration testing tools to hide their
malicious activates," “the study notes.
Fileless attacks are largely devoted to delivering cryptocurrency-mining malware, ransomeware and banking trojans.
The company says it
blocked 710,733 in the first half of 2019.
In addition, there was a 136% rise in use of Exploit kits and a 319% increase in digital extortion schemes. Business email compromise (BEC)
detections jumped by 52%.
In addition, Trend Micro reports a 77% increase in ransomware detections and a 55% hike in new ransomware families, although WannaCry remained the leading one.
However, there was a shift in targeting of ransomware attacks, with felons now focusing on multinationals, enterprises and government organizations. Typically, they send phishing emails
an exploit security to gain access to networks.
Among the local governments hit by these attacks were:
- Riviera Beach — Paid $600,000
- Lake City
— Paid $460,000
- Key Biscayne — No reported payment
The study also tracked decreases — in macro malware. Most detected threats were “due to
Powload, mainly in spam emails,” the study says.
Overall, Trend Micro blocked 26.8 billion threats in the first half of 2019.
“Sophistication and stealth are the name
of the cybersecurity game today as corporate technology and criminal attacks become more connected and smarter,” states Jon Clay, director of global threat communications for Trend Micro.
“From attackers, we saw intentional, targeted, and crafty attacks that stealthily take advantage of people, processes and technology.”