Historically, once a threat had been discovered, a signature was written and the environment became protected from that threat. That protection worked because the file identifier, or hash, seldom changed. But today a file hash is easily altered by adding, removing or slightly changing the underlying code; often, that’s all it takes to evade existing security controls. Beyond altered files, there is also file-less ransomware, where malicious code is either embedded in a native scripting language or written straight to memory using legitimate administrative tools such as PowerShell, without ever being written to disk.
The combination of outdated protection techniques, an expanding attack surface and file-less malware leads to damaging attacks.
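To make the hash point above concrete, the following added example (not from the original article) compares an exact SHA-256 lookup with a content-based comparison when a single byte of a known sample changes. It goes beyond the text by using Jaccard similarity over 8-byte shingles as one illustrative content-based check; the function names, the 0.8 threshold and the sample bytes are all constructed assumptions.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def shingles(data: bytes, k: int = 8) -> set:
    """All overlapping k-byte windows of the content."""
    return {data[i:i + k] for i in range(len(data) - k + 1)}

def similarity(a: bytes, b: bytes, k: int = 8) -> float:
    """Jaccard similarity of the two shingle sets (0.0 to 1.0)."""
    sa, sb = shingles(a, k), shingles(b, k)
    if not sa or not sb:
        return 0.0
    return len(sa & sb) / len(sa | sb)

def classify(sample: bytes, known_bad: list, threshold: float = 0.8) -> dict:
    """Compare exact-hash lookup with content similarity against known samples.
    The 0.8 threshold is an assumption chosen for this illustration."""
    hashes = {sha256_hex(k) for k in known_bad}
    best = max((similarity(sample, k) for k in known_bad), default=0.0)
    return {"hash_match": sha256_hex(sample) in hashes,
            "similarity": round(best, 3),
            "content_match": best >= threshold}

# Constructed, inert placeholder bytes standing in for file contents.
KNOWN_BAD = b"".join(b"constructed-sample-block-%04d;" % i for i in range(200))
VARIANT_APPEND = KNOWN_BAD + b"\x00"                        # one byte added
VARIANT_EDIT = KNOWN_BAD[:3000] + b"X" + KNOWN_BAD[3001:]   # one byte changed
UNRELATED = b"".join(b"unrelated-document-line-%04d\n" % i for i in range(200))

if __name__ == "__main__":
    for name, data in [("original", KNOWN_BAD), ("appended", VARIANT_APPEND),
                       ("edited", VARIANT_EDIT), ("unrelated", UNRELATED)]:
        print(name, classify(data, [KNOWN_BAD]))
```

Both one-byte variants miss the hash lookup while remaining almost identical by content, which is why controls keyed only to file hashes fall behind. Neither check sees code that never touches disk.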