Fileless threats are used in many forms of malicious activity – from advanced targeted attacks to widespread malware campaigns or even generic malware, such as Trojan-clickers and adware. Kaspersky researchers are constantly revealing these threats in various attacks, such as the PowerGhost cryptominer, attacks on banks with DarkVishnya, Turla’s APTs and the Platinum APT. Detecting fileless malware is more complicated than detecting other malware because its malicious code does not store itself on a hard drive. It can exist in memory, the registry, OS scheduler tasks or Windows system stores, such as WMI objects.
In its study, AV-TEST examined products against different categories of fileless attacks, including malware execution from WMI storage or by Task Scheduler, and running a PowerShell script after the execution of exploits or macros. On top of these, the test also monitored for false positives. Of all the solutions tested, Kaspersky Endpoint Security for Business was the only one to detect all 33 attacks, while the average detection rate of all the products was 67.75%. As for protection and remediation, Kaspersky’s product prevented 48 out of 51 malicious actions, compared to an average protection level of 59.10%. The false positive test revealed no false detections or blocks by the Kaspersky product.
According to AV-TEST, it ran this test “to discover how marketing promises of efficient fileless threat protection, claims about unbelievable advantages of some protective tools, and different ad slogans correlate with reality. This test is aimed to show what fileless malware can do and which security products are capable of detecting, blocking and remediating fileless attacks — irrespective of what is claimed by security vendors themselves”.
"Fileless threats are a growing trend in the malware landscape, which makes efficient protection a challenge for all endpoint protection products. This test reveals big differences in the abilities of assessed security solutions to detect fileless infection techniques. Kaspersky proved to be the most efficient in detection of and prevention against fileless attacks," says Maik Morgenstern, Chief Technology Officer, AV-TEST.
“We appreciate AV-TEST showing the real results of cybersecurity products against current serious threats, such as fileless malware. Kaspersky researchers have been analyzing fileless threats for a long time as they are widely used in different attack stages. Whenever possible, cybercriminals try to reduce their footprint and use malware which is less well-detected, making fileless a growing option. Thanks to our intelligence we have created the necessary protection technologies, such as our advanced behavior-based detection. With these technologies, our business customers will always be protected from fileless and other threats,” comments Timur Biyachuev, Vice President, Threat Research, Kaspersky.
The full report “Advanced Endpoint Protection: Fileless Threats Protection Test” commissioned by Kaspersky and performed by AV-TEST GmbH can be found here. No product results were excluded from the report to keep the security picture complete.
For more information about Kaspersky Endpoint Security for Business please visit this page.
AV-TEST GmbH is an independent supplier of services in the fields of IT Security and Antivirus Research, focusing on the detection and analysis of the latest malicious software and its use in comprehensive comparative testing of security products.
AV-TEST has operated out of Magdeburg (Germany) since 2004 and employs more than 30 team members, professionals with extensive practical experience. The AV-TEST laboratories include 300 client and server systems, where more than 2,500 terabytes of independently collected test data, containing both malicious and harmless sample information, are stored and processed.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.