'Malware-free' or fileless attacks now most popular tactic amongst cybercriminals

guest · Mar 4, 2020

'Malware-free' attacks now most popular tactic amongst cybercriminals
Malware-free or fileless techniques accounted for 51% of attacks last year, compared to 40% the year before
March 3, 2020
https://www.zdnet.com/article/malware-free-attacks-now-most-popular-tactic-amongst-cybercriminals/

More than half of attacks last year leveraged fileless or "malware-free" techniques, as hackers increasingly turn to stolen credentials in their efforts to breach corporate networks.

Malware-free tactics accounted for 51% of attacks in 2019, compared to 40% just the year before, though this figure was significantly driven by a sharp increase of such attacks targeting North America. Some 74% of attacks in the region were malware-free while such techniques accounted for 25% of attacks targeting Indo-Pacific, according to CrowdStrike's Global Threat Report 2020.

The security vendor defined malware-free attacks as those in which files or file fragments are not written to disk. These could be attacks where codes executed from memory or where stolen credentials are tapped to enable remote logins.
It added that malware-free attacks typically require various detection techniques to identify and intercept, such as behavioural detection and human threat hunting.
Click to expand...

Crowdstrike: 2020 Global Threat Report (PDF - 2.44 MB): https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf

guest · Jul 19, 2020

The Growing Threat from Fileless Attacks
July 19, 2020
https://www.cbronline.com/cybersecurity/protection/threat-fileless-attacks-kaspersky/

One of these stealth approaches is the use of fileless attacks. To avoid detection from traditional endpoint protection, the attack involves injecting code into a legitimate process, or using legitimate tools built into the operating system to move through the system, such as the PowerShell interpreter. There are numerous other techniques, including executing code directly in memory without being saved on the disk.
Due to their stealthy nature, fileless attacks are 10 times more likely to succeed than file-based attacks.

The only approach is to detect suspicious behaviour.

“What is required is an advanced product that monitors activities on the computer and employs behavioural mechanisms for dynamic detection of malicious activity on the endpoint,” says Richard Porter, Head of Pre-Sales, Kaspersky UK&I.
Porter explains that this will mean that even if attackers inject their code into a host process on the computer, its actions will be detected as anomalous.
Click to expand...

Preventing fileless attacks without behaviour detection technology is the equivalent of not securing the 120 sacks of bank notes in the Great Train Robbery. Without it, organisations are hopeless to stop them.
Click to expand...

itman · Jul 19, 2020

This article is just a disguised ad for Kaspersky EDR protection. EDR protection is applicable to commercial environments. An example of EDR protection is WD's ATP protection. All the major AV's have equivalent offerings.

Rasheed187 · Jul 25, 2020

itman said: ↑

This article is just a disguised ad for Kaspersky EDR protection. EDR protection is applicable to commercial environments. An example of EDR protection is WD's ATP protection. All the major AV's have equivalent offerings.
Click to expand...

But doesn't it apply to Kaspersky AV for home users as well? Even Win Defender claims to be able to detect file-less malware, but it always scores bad in testing done by MRG Effitas. At least, when it comes to blocking file-less malware.

Log in or Sign up

'Malware-free' or fileless attacks now most popular tactic amongst cybercriminals

guest Guest

guest Guest

itman Registered Member

Rasheed187 Registered Member

Log in or Sign up

'Malware-free' or fileless attacks now most popular tactic amongst cybercriminals

guest Guest

guest Guest

itman Registered Member

Rasheed187 Registered Member

Useful Searches