Encrypted & Fileless Malware Sees Big Growth

An analysis of second-quarter malware trends shows that threats are becoming stealthier.

A full 91.5 percent of malware was delivered using HTTPS-encrypted connections in the second quarter, researchers said, making attacks more evasive.

That’s according to WatchGuard Technologies’ latest report on findings within its telemetry, which also found that these detections come primarily from two malware families: AMSI.Disable.A ,which was first spotted in Q1; and the older malware known as XML.JSLoader. Together these make up more than 90 percent of detections over HTTPS and more than 12 percent of total detections, according to the report.

For its part, AMSI.Disable.A is a recently developed malware that uses PowerShell tools to bypass security protections.

“This malware family uses PowerShell tools to exploit various vulnerabilities in Windows,” according to the firm. “But what makes it especially interesting is its evasive technique. WatchGuard found that AMSI.Disable.A wields code capable of disabling the Antimalware Scan Interface (AMSI) in PowerShell, allowing it to bypass script security checks with its malware payload undetected.”

Source: WatchGuard.

The report also noted that the stats mean that any organization that is not examining encrypted HTTPS traffic at the

Read More: https://threatpost.com/encrypted-fileless-malware-growth/175306/