According to a report by Watchguard Technologies, in 2020, the use of fileless malware increased rapidly as cybercriminals tried to find new ways to evade traditional security controls. The report is based on data obtained from Firebox Feed, threat intelligence, and a research honeynet.

What's in the report?

According to the report, the fileless malware rate soared by 888% over the year as cybercriminals tried to evade endpoint protection, by carrying out attacks without installing conventional malware.
  • PowerSploit and CobaltStrike were popular tools used by cybercriminals to inject malicious code into running processes.
  • Nearly 47% of all attacks in Q4 were encrypted, while malware delivered via HTTPS rose by 41% and encrypted zero-day variants rose by 22% over Q3.
  • Despite the shift to mass remote working, network attack detections grew 5% in Q4, reaching their highest level in two years. Total unique attack signatures rose 4% over compared to Q3.
  • Moreover, the vendor spotted 25% more cryptocurrency mining malware in 2020 as compared to 2019.

Additional insights

This report included other details as well, such as the return of IoT or consumer router trojan called The Moon, use of cryptominers, and top malicious domains.
  • Overall perimeter-detected malware dropped to 4% quarter-over-quarter, as many employees are now working from home.
  • Unique cryptominer variants increased by more than 25% year-over-year, reaching a total of 850 variants during 2020.
  • In Q4, DNSWatch had blocked a combined 1,313,686 malicious domain connections.
  • Network attacks targeting Asia-Pacific decreased by 16 points, while attacks in AMER and EMEA witnessed an increase of almost the same volume.
  • The Moon trojan was able to make an entry in WatchGuard’s list of top 10 malware for the first time.


The rise in sophisticated, evasive threat tactics employed by cybercriminals in the last year shows the importance of layered and end-to-end security protections. To protect against such threats, organizations now need an overall effective security strategy, which includes endpoint protections, network defenses, security awareness training, threat intelligence, as well as strict patch management.

Cyware Publisher