
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Our Vaporworm Prediction Arrives Early

November 27, 2018 By Marc Laliberte

In one of our 2019 Security Predictions, we predicted a future where self-propagating, fileless malware “vaporworms” run rampant. This week, Trend Micro announced in a blog post that this future came earlier than we anticipated. In their write-up, Trend Micro analyzes a newly discovered fileless variant of the BLADABINDI remote access trojan (RAT) that has added self-propagation via removable storage to its toolkit.

This new variant of BLADABINDI uses AutoIt, a scripting language for Windows, to set up a backdoor and to install a copy of itself on any removable storage attached to the system, aiding its spread. The “fileless” component of the malware refers to how it gains persistence on the system. Instead of dropping a malicious executable on the hard drive like traditional malware, it stores the executable in a registry entry. It then adds a second registry entry that uses PowerShell to load that executable and run it directly from memory. This fileless component of BLADABINDI acts as a dropper: it retrieves a traditional trojan executable, saves it in the system’s temp directory, and executes it.
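A detection-oriented illustration of the persistence pattern just described, added here and not part of the original post or of Trend Micro’s analysis: it scans autorun-style registry entries for a PowerShell command that reads a payload out of the registry and runs it in memory. The entries, key paths, value names and command lines are constructed samples, not real BLADABINDI artifacts.

```python
import re

# Constructed sample autorun entries as (registry key, value name, command line).
# Illustrative only: the first entry mimics the registry-resident loader pattern
# from the write-up, the others are benign look-alikes a scanner must not flag.
SAMPLE_AUTORUNS = [
    ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "updater",
     'powershell.exe -w hidden -nop -c "$b=(Get-ItemProperty HKCU:\\Software\\Example).Blob;'
     '[Reflection.Assembly]::Load([Convert]::FromBase64String($b)).EntryPoint.Invoke($null,$null)"'),
    ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "SecurityHealth",
     "C:\\Windows\\System32\\SecurityHealthSystray.exe"),
    ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "OneDrive",
     '"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background'),
    ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "backup",
     "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1"),
]

# Indicator labels and the case-insensitive patterns that raise them.
INDICATORS = [
    ("powershell_host", r"\b(powershell|pwsh)(\.exe)?\b"),
    ("hidden_window", r"-w(indowstyle)?\s+hidden"),
    ("reads_registry", r"Get-ItemProperty|HKCU:|HKLM:|Registry::"),
    ("in_memory_load", r"Reflection\.Assembly\]::Load|FromBase64String|Invoke-Expression|\biex\b"),
]

def classify(command: str) -> list[str]:
    """Return the indicator labels that fire on one autorun command line."""
    return [label for label, pat in INDICATORS if re.search(pat, command, re.IGNORECASE)]

def is_registry_resident_loader(command: str) -> bool:
    """The pattern from the write-up: PowerShell started from an autorun entry,
    pulling code out of the registry and running it without touching disk.
    All three pieces are required so a plain PowerShell maintenance script
    (entry 4 above) does not fire on the PowerShell host alone."""
    hits = set(classify(command))
    return {"powershell_host", "reads_registry", "in_memory_load"} <= hits

def find_suspicious(entries):
    """Return (key, value name, labels) for every entry matching the loader pattern."""
    return [(key, name, classify(cmd)) for key, name, cmd in entries
            if is_registry_resident_loader(cmd)]

if __name__ == "__main__":
    for key, name, labels in find_suspicious(SAMPLE_AUTORUNS):
        print(f"{key}\\{name}: {', '.join(labels)}")
```

On a live host the same functions can be fed the output of an autorun enumeration tool instead of the constructed list; the heuristic is a starting point for hunting, not a substitute for behavioural process monitoring.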

Fileless malware in general is on the rise. In the Ponemon Institute’s 2017 State of Endpoint Security Risk Report, they found that 29% of attacks used fileless malware, up from 2% in 2016. More frighteningly, 77% of successful attacks leveraged fileless malware. We expect to see even more fileless malware next year because of these successes, which means you need to ensure that you have the proper protections in place to keep your systems safe. If you are a WatchGuard customer, make sure you are fully utilizing Threat Detection and Response (TDR), which monitors processes for malicious behaviors and is the best way to catch fileless malware. Advanced malware detection tools (like WatchGuard APT Blocker) can also help catch additional malware payloads and prevent a breach from becoming catastrophic.

Filed Under: Editorial Articles Tagged With: security news