WatchGuard Blog

Evasive malware has grown by 168%, causing a direct impact on cybersecurity

With a 168% rise in evasive malware, cyber threats have reached a new level of sophistication. This type of malware employs advanced techniques to evade detection by traditional solutions, which often rely on pre-defined signatures to identify threats. These malicious programs pose a major challenge in cybersecurity by camouflaging themselves within legitimate processes and acting stealthily.

Unlike traditional malware, which is spread widely through a generalized approach, evasive malware is used in a more targeted way by cybercriminal groups. Threat actors carefully select their targets, taking aim at specific business sectors and regions or even singling out one organization. This level of precision makes evasive malware a significantly more dangerous threat. To further complicate detection and removal, these criminal gangs use sophisticated and difficult-to-trace infrastructure, such as bulletproof VPS servers, which allows the malware to remain active without being remediated.

How does it evade detection?

Because evasive malware is either completely new or a modified version of known code, it circumvents traditional signature-based detection methods.

One of its most effective forms of attack is the living-off-the-land technique, in which the malware takes advantage of legitimate system processes to hide in the computer’s memory without leaving a trace on disk. This significantly complicates detection, as the typical indicators of compromise that trigger alerts in conventional security solutions are never generated.

Another common tactic is DLL injection. A DLL (Dynamic Link Library) is a file that contains code reusable by multiple programs. Malware can therefore insert a malicious DLL into a legitimate system process, evading security measures and running undetected. In addition, the malware can employ DLL hooking, infecting libraries shared by various applications, which allows it to remain hidden while executing its malicious code. Moreover, DLL sideloading, where malware places a malicious DLL next to a legitimate executable, abuses the application’s DLL search order (the application directory is searched before the system directories) to evade defenses.
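The search-order abuse behind DLL sideloading leaves a detectable trace: a DLL that Windows normally serves from System32 is instead loaded from the application's own directory. The following is an added defender-side example (not code from the WatchGuard post) that runs a sideloading heuristic over constructed image-load events of the kind an endpoint sensor or XDR pipeline records; the DLL names, directories and events are illustrative assumptions, not a vendor list.

```python
# Added example: a simple DLL-sideloading heuristic over constructed image-load
# events (the kind an EDR/XDR sensor records when a process maps a DLL).
from dataclasses import dataclass
from pathlib import PureWindowsPath

# DLL names Windows normally serves from the system directory. Short illustrative
# list chosen for this example, not an exhaustive or vendor-supplied one.
SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "wtsapi32.dll", "cryptsp.dll", "userenv.dll"}
SYSTEM_DIRS = (PureWindowsPath(r"C:\Windows\System32"),
               PureWindowsPath(r"C:\Windows\SysWOW64"))

@dataclass(frozen=True)
class ImageLoad:
    process_image: str   # full path of the process that loaded the DLL
    dll_path: str        # full path of the DLL that was mapped
    signed: bool         # signature-validation result reported by the sensor

def sideload_findings(events: list[ImageLoad]) -> list[str]:
    """Return one finding per event that matches the sideloading pattern: a
    well-known system DLL name resolved from a non-system directory. Severity
    is raised when the DLL sits in the process's own directory and is unsigned,
    which is exactly the layout search-order abuse relies on."""
    findings = []
    for ev in events:
        dll = PureWindowsPath(ev.dll_path)
        # PureWindowsPath compares case-insensitively, so no lower() needed.
        if dll.name.lower() not in SYSTEM_DLLS or dll.parent in SYSTEM_DIRS:
            continue
        proc = PureWindowsPath(ev.process_image)
        same_dir = dll.parent == proc.parent
        severity = "high" if same_dir and not ev.signed else "medium"
        suffix = "" if ev.signed else " (unsigned)"
        findings.append(f"{severity}: {proc.name} loaded {dll.name} from {dll.parent}{suffix}")
    return findings

# Constructed sample events: a benign system load, a sideload layout, and a
# vendor helper DLL that is not a system DLL name at all.
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Program Files\Vendor\app.exe", r"C:\Windows\System32\version.dll", True),
    ImageLoad(r"C:\Users\alice\AppData\Local\Temp\update\app.exe",
              r"C:\Users\alice\AppData\Local\Temp\update\version.dll", False),
    ImageLoad(r"C:\Program Files\Vendor\app.exe", r"C:\Program Files\Vendor\helper.dll", False),
]

if __name__ == "__main__":
    for line in sideload_findings(SAMPLE_EVENTS):
        print(line)
```

In practice the heuristic is paired with an allow-list of applications known to ship private copies of these DLLs, otherwise it generates noise on legitimate software.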

Advanced security technologies are needed to address these growing challenges. Firewalls not only inspect encrypted traffic and block intrusion attempts but also analyze malware behavior in an isolated environment (sandboxing). This makes it possible to identify unknown threats before they compromise systems, providing fast and effective protection against the most advanced evasion techniques, without relying solely on signatures.

The role of MSPs in combating evasive malware

Evasive malware poses unique challenges for MSPs, who must adapt to an increasingly complex threat landscape. They must stay up to date on evasive techniques used by attackers to safeguard the environments they manage.

While firewalls are critical, an advanced endpoint security solution detects malware hidden in the computer’s memory and DLL files. Similarly, XDR solutions can track infection paths and monitor suspicious activity. By combining these capabilities, MSPs can differentiate themselves by offering a strategic and proactive approach to protecting their customers.

For a deeper dive into the latest threats, including evasive malware developments and other key trends that are redefining security, check out our Internet Security Report - Q2 2024. You'll find detailed analysis and a comprehensive view of the risks businesses face today, helping you anticipate challenges and make informed decisions to better protect your cyber environments.