SYSTEM-COGNITIVE MODELING OF INFECTION VECTORS WITH MALICIOUS CODE IN DISTRIBUTED INFORMATION ENVIRONMENTS AND FORMATION OF AN ADAPTIVE MULTILEVEL CYBER DEFENSE STRATEGY

Authors

DOI:

https://doi.org/10.28925/2663-4023.2026.32.1094

Keywords:

cyber threats, infection vectors, fileless attacks, multi-layered protection, Zero Trust, multi-factor authentication (MFA), behavioral monitoring, phishing, cyber resilience.

Abstract

A comprehensive analysis of the transformation of the global cyber threat landscape in 2024–2025 was conducted, focusing on the evolution of malicious-code infection vectors and the growing role of fileless attacks. Based on a synthesis of statistical data and the conclusions of leading industry reports (Verizon DBIR 2024, CrowdStrike Global Threat Report 2025), a systematic assessment of trends was carried out, indicating a fundamental shift from classic infection scenarios to interactive intrusions focused on credential compromise and the legitimate use of built-in system components (Living-Off-the-Land). The share of fileless attacks in the structure of modern incidents was found to exceed 79%, which requires a revision of traditional detection and response models.

Technical mechanisms for circumventing security measures were investigated, including Living-Off-the-Land binaries (LOLBins), adaptive file vectors, firmware-level exploits, and physical interfaces (BadUSB). Based on an analytical comparison of approaches, a multi-layered cyber defense architecture was proposed that rests on Zero Trust principles and combines content disinfection (Content Disarm and Reconstruction, CDR), behavioral monitoring (EDR/XDR), and a structured incident response protocol in accordance with NIST SP 800-61 Rev. 2.
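To make the content-disinfection layer concrete, the following is an added illustration (not code from the paper or its authors) of a minimal Content Disarm and Reconstruction pass over an OOXML document. An Office document is a ZIP package, so disarming means rebuilding the archive without the parts that can carry active content (the VBA project, embedded OLE objects, ActiveX controls) and removing the content-type and relationship declarations that point at them. The part paths and content-type strings are standard OOXML names; the matching rules, the `disarm` function and the constructed sample document are assumptions of this example, and the sample's "VBA blob" is a placeholder string, not real macro code.

```python
"""Minimal CDR pass for OOXML packages (illustrative example, not the paper's code)."""
import io
import posixpath
import re
import zipfile
from typing import List, Tuple

# Package parts that carry active content. Paths follow OOXML conventions;
# the patterns themselves are this example's own choice of what to strip.
ACTIVE_PART_PATTERNS = (
    re.compile(r"^(word|xl|ppt)/vbaProject\.bin$"),
    re.compile(r"^(word|xl|ppt)/vbaData\.xml$"),
    re.compile(r"^(word|xl|ppt)/embeddings/"),
    re.compile(r"^(word|xl|ppt)/activeX/"),
)

# Content types that exist only to describe the parts above.
ACTIVE_CONTENT_TYPES = (
    "application/vnd.ms-office.vbaProject",
    "application/vnd.ms-word.vbaData+xml",
    "application/vnd.ms-office.activeX+xml",
    "application/vnd.openxmlformats-officedocument.oleObject",
)

# After stripping macros, re-declare the main part as a plain (non macro-enabled) document.
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def is_active_part(name: str) -> bool:
    return any(p.match(name) for p in ACTIVE_PART_PATTERNS)


def _strip_content_types(xml: str) -> str:
    # Drop <Default .../> and <Override .../> entries that declare active-content types.
    def keep(m):
        return "" if any(ct in m.group(0) for ct in ACTIVE_CONTENT_TYPES) else m.group(0)
    return re.sub(r"<(?:Override|Default)\b[^>]*/>", keep, xml).replace(MACRO_MAIN, PLAIN_MAIN)


def _strip_relationships(rels_name: str, xml: str, removed: List[str]) -> str:
    # Relationship targets are relative to the directory owning the _rels folder.
    base = rels_name.split("_rels/")[0]
    def keep(m):
        target = re.search(r'Target="([^"]+)"', m.group(0))
        if target and posixpath.normpath(posixpath.join(base, target.group(1))) in removed:
            return ""
        return m.group(0)
    return re.sub(r"<Relationship\b[^>]*/>", keep, xml)


def disarm(document: bytes) -> Tuple[bytes, List[str]]:
    """Rebuild the package without active-content parts; return (bytes, removed part names)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(document)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        removed = [n for n in src.namelist() if is_active_part(n)]
        for name in src.namelist():
            if name in removed:
                continue
            data = src.read(name)
            if name == "[Content_Types].xml":
                data = _strip_content_types(data.decode("utf-8")).encode("utf-8")
            elif name.endswith(".rels"):
                data = _strip_relationships(name, data.decode("utf-8"), removed).encode("utf-8")
            dst.writestr(name, data)  # every surviving part is re-written, never copied raw
    return out.getvalue(), removed


def list_parts(document: bytes) -> List[str]:
    with zipfile.ZipFile(io.BytesIO(document)) as z:
        return z.namelist()


def read_part(document: bytes, name: str) -> str:
    with zipfile.ZipFile(io.BytesIO(document)) as z:
        return z.read(name).decode("utf-8")


def build_sample_docm() -> bytes:
    """Constructed sample: a macro-enabled document skeleton with a placeholder VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                   '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
                   '<Default Extension="xml" ContentType="application/xml"/>'
                   '<Override PartName="/word/document.xml" ContentType="' + MACRO_MAIN + '"/>'
                   '<Override PartName="/word/vbaData.xml" ContentType="application/vnd.ms-word.vbaData+xml"/>'
                   '</Types>')
        z.writestr("_rels/.rels",
                   '<Relationships><Relationship Id="rId1" Type="officeDocument" Target="word/document.xml"/></Relationships>')
        z.writestr("word/_rels/document.xml.rels",
                   '<Relationships>'
                   '<Relationship Id="rId1" Type="vbaProject" Target="vbaProject.bin"/>'
                   '<Relationship Id="rId2" Type="styles" Target="styles.xml"/>'
                   '</Relationships>')
        z.writestr("word/document.xml", "<w:document>Quarterly report</w:document>")
        z.writestr("word/styles.xml", "<w:styles/>")
        z.writestr("word/vbaProject.bin", b"CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-VBA-PROJECT")
        z.writestr("word/vbaData.xml", "<wne:vbaSuppData/>")
    return buf.getvalue()


if __name__ == "__main__":
    clean, dropped = disarm(build_sample_docm())
    print("removed parts:", dropped)
    print("remaining parts:", list_parts(clean))
```

The design point is that the package is reconstructed rather than patched: every surviving part is decompressed and re-written, so the output contains only what the sanitizer explicitly allowed. A production CDR engine goes further (re-rendering content, flattening embedded objects, handling legacy OLE2 formats), but the allow-and-rebuild structure is the same.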

Particular attention was paid to the economic feasibility of implementing multi-factor protection, where multi-factor authentication (MFA) proved to have the highest return on investment, providing over 99.9% effectiveness in preventing account compromise. The results confirm the need to combine technical, organizational and behavioral protection mechanisms to form adaptive, threat-resistant information environments.


References

Verizon. (2024). 2024 data breach investigations report. Verizon Business. https://www.verizon.com/business/resources/reports/2024-dbir-data-breach-investigations-report.pdf

CrowdStrike. (2025). 2025 global threat report: Executive summary. CrowdStrike, Inc. https://www.crowdstrike.com/explore/2025-global-threat-report-executive-summary/2025-global-threat-report-infographic

Microsoft. (n.d.). Macros from the internet will be blocked by default in Office. Microsoft Learn. https://learn.microsoft.com/en-us/deployoffice/security/internet-macros-blocked

HP Wolf Security. (2025). Threat insights report—Q3 2025. HP Inc. https://threatresearch.ext.hp.com/wp-content/uploads/2025/12/HP_Wolf_Security_Threat_Insights_Report_December_2025.pdf

HP Wolf Security. (2025). Threat insights report—September 2025. HP Inc. https://threatresearch.ext.hp.com/wp-content/uploads/2025/09/HP_Wolf_Security_Threat_Insights_Report_September_2025.pdf

Hornetsecurity. (2025, October). Monthly threat report—October 2025. Hornetsecurity Blog. https://www.hornetsecurity.com/en/blog/monthly-threat-report/

VIPRE Security Group. (2025). Email security in 2025: An expert look at email-based threats. https://vipre.com/wp-content/uploads/2025/04/VIPRE_2025_Q1_Email-Threat-Report_US-APRIL25.pdf

MITRE ATT&CK. (n.d.). Enterprise matrix. https://attack.mitre.org/matrices/enterprise/

Microsoft. (2023). The effectiveness of multi-factor authentication. Microsoft Security Blog. https://www.microsoft.com/en-us/security/blog/

Moser, A., Kruegel, C., & Kirda, E. (2007). Limits of static analysis for malware detection. In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007) (pp. 421–430). https://doi.org/10.1109/ACSAC.2007.21

Egele, M., Scholte, T., Kirda, E., & Kruegel, C. (2012). A survey on automated dynamic malware-analysis techniques and tools. ACM Computing Surveys, 44(2), 1–42. https://doi.org/10.1145/2089125.2089126

MITRE. (n.d.). Shellcode (Technique T1055). ATT&CK Framework. https://attack.mitre.org/techniques/T1055/

CrowdStrike. (2024). In-memory execution techniques. CrowdStrike Threat Intelligence. https://www.crowdstrike.com/cybersecurity-101/malware/fileless-malware/

Microsoft. (n.d.). PowerShell documentation. Microsoft Learn. https://learn.microsoft.com/en-us/powershell/

Cynet. (n.d.). Office macro attacks. Cynet Attack Techniques. https://www.cynet.com/attack-techniques-hands-on/office-macro-attacks/

Sasa Software. (n.d.). Content disarm and reconstruction technology. https://www.sasa-software.com/content-disarm-and-reconstruction-technology/

Microsoft. (n.d.). Enable or disable macros in Microsoft 365 files. Microsoft Support. https://support.microsoft.com/en-us/office/enable-or-disable-macros-in-microsoft-365-files-12b036fd-d140-4e74-b45e-16fed1a7e5c6

Yashchuk, V., Demyanchuk, Y., & Savitska, V. (2025). Integrative approach to the analysis, modeling, and ensuring cybersecurity of critical information infrastructure under modern threats. Baltic Journal of Economic Studies, 11(2), 273–286. https://doi.org/10.30525/2256-0742/2025-11-2-273-286

Trend Micro. (2023, March 13). Emotet returns, now adopts binary padding for evasion. Trend Micro Research. https://www.trendmicro.com/en_us/research/23/c/emotet-returns-now-adopts-binary-padding-for-evasion.html

Radware. (2025). The Emotet threat in 2025: Anatomy, attack examples & defenses. Radware Cyberpedia. https://www.radware.com/cyberpedia/bot-management/emotet-anatomy-examples-and-defense/

Proofpoint. (2024). ICS file attacks: Calendar invites as a vector. Proofpoint Threat Insight. https://www.proofpoint.com/us/threat-insight/

Microsoft. (2024). Deploy application control policies by using Group Policy. Microsoft Learn. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-group-policy

Microsoft. (2023). Configure mail flow rules to filter email attachments. Microsoft Learn. https://learn.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/inspect-message-attachments

National Institute of Standards and Technology. (2012). Computer security incident handling guide (NIST SP 800-61 Rev. 2). https://doi.org/10.6028/NIST.SP.800-61r2

National Institute of Standards and Technology. (2023). Guide to enterprise patch management planning (NIST SP 800-40 Rev. 4). https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r4.pdf

Microsoft. (2024). Control USB devices and other removable media using Microsoft Defender for Endpoint. Microsoft Learn. https://learn.microsoft.com/en-us/defender-endpoint/device-control-overview

Yashchuk, V., & Mysko, R. (2024). Protection of an information activity object by implementing an integrated security system. In Information security and information technologies (pp. 328–331). Lviv State University of Life Safety.

Stevens, D. (2024, January). Analyzing malicious Office documents. SANS Internet Storm Center. https://isc.sans.edu/diary/

Yashchuk, V. I. (2024). Methodology for ensuring the security of information systems and responding to cyber incidents by cybersecurity centers. InterConf+, 45(201), 632–641. https://doi.org/10.51582/interconf.19-20.05.2024

Yashchuk, V., Ivanusa, A., Maslova, N., Tkachuk, R., & Brych, T. (2025). Conceptualization of the integrative use of vulnerability databases in the context of information security management. Bulletin of Lviv State University of Life Safety, 31, 126–139. https://doi.org/10.32447/20784643.31.2025.13

Yashchuk, V. I. (2025). Cybersecurity risk assessment of critical infrastructure. In Civil protection under wartime conditions (pp. 283–285). Lviv State University of Life Safety.

Yashchuk, V. I. (2025). Simulation of investment IT project management tasks. In Innovating modern trends in security management (pp. 247–253). Lviv State University of Life Safety.


Published

2026-03-26

How to Cite

Ящук, В., Tkachenko, A., & Dmytruk, B. (2026). SYSTEM-COGNITIVE MODELING OF INFECTION VECTORS WITH MALICIOUS CODE IN DISTRIBUTED INFORMATION ENVIRONMENTS AND FORMATION OF AN ADAPTIVE MULTILEVEL CYBER DEFENSE STRATEGY. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 4(32), 775–801. https://doi.org/10.28925/2663-4023.2026.32.1094