An alarming majority of malware (75 percent) is going undetected by “traditional malware solutions,” according to a new report. And nearly three-quarters of threats detected in the last quarter were zero-day malware — an all-time high.
The Internet Security Report for Q1 2021 from WatchGuard Technologies found that malicious scripts are delivering fileless malware in the form of an XML external entity. The most widespread was XML.JSLoader, which made the top 10 for the first time in the first quarter of 2021. According to researchers: “The sample WatchGuard identified uses an XML external entity (XXE) attack to open a shell to run commands to bypass the local PowerShell execution policy and runs in a non-interactive way, hidden from the actual user or victim. This is another example of the rising prevalence of fileless malware and the need for advanced endpoint detection and response capabilities.”
A ransomware loader called Zmutzy made the top 2 in Q1. It manifests as a disguised e-mail attachment. According to the researchers: “Associated with Nibiru ransomware specifically, victims encounter this threat as a zipped file attachment to an e-mail or a download from a malicious website. Running the zip file downloads an executable, which to the victim appears to be a legitimate PDF.