What Is a Non-Malware (or Fileless) Attack?
Kane Lightowler, Managing Director, Asia Pacific & Japan, Carbon Black
Virtually every
organization was targeted by a non-malware attack in 2016, and this year will
be no different. The global emergence and continued growth of non-malware
attacks will be a major security pain point in 2017, testament to the
increasingly sophisticated attack methodologies employed by hackers today.
Non-malware
attacks, also known as fileless attacks, are so dangerous because they work.
These attacks leverage trusted, native operating system tools such as
PowerShell or exploit running applications, such as web browsers and Office
applications, to conduct their malicious behavior. The nature of these attacks
allows hackers to gain control of computers without downloading any malicious
files, which means that they can bypass detection by traditional antivirus (AV)
software, which was designed to stop malicious files only.
Research by Carbon
Black found that 98 percent of security researchers encounter at least one
non-malware attack a month but only one-third are confident that traditional AV
can protect their organizations from this form of attack.
By employing this
stealthy technique to penetrate systems and steal data, cyber criminals can
stay virtually undetected while they extract valuable information from
organizations over prolonged periods of time, causing more damage than ever
before.
According to the
2016 Ponemon Cost of a Data Breach Study[1], the average cost
of a successful breach is US $4 million – a catastrophic sum that will put a
significant strain on resources for any organization.
Moving beyond legacy AV
An alarming number
of organizations today are still relying on traditional AV as their only form
of protection. This is no doubt correlated with the increased number of
successful and profitable breaches in recent years. Small and medium
enterprises (SMEs), too, are not spared from these assaults. In fact, we are
seeing a trend wherein attackers exploit the weaker defense capabilities of
SMEs as an entry point to the multi-national corporations (MNCs) they work
with.
Here’s the bottom
line: organizations will be attacked. And when it happens, they should be
confident that their cybersecurity capabilities can prevent the attacks, detect
them and, if necessary, respond before attackers can do any real damage. To do
this, there needs to be a paradigm shift in organizations’ approach to security
investments and for IT teams to do a much-needed reality check on their current
defense capabilities.
Just as cyber
criminals are constantly evolving their methods of attack to bypass standard
proprietary capabilities, organizations need to enhance their defenses to
match the current threat landscape. This means moving away from
legacy AV and adopting a new line of defense that has been specifically
developed to address sophisticated threats.
A new paradigm in cybersecurity
The new model of
prevention, known as next-generation antivirus (NGAV), is a radically different
approach to cybersecurity. Traditional defenses like legacy AV and
machine-learning AV are designed to only identify threats at a single point in
time (i.e. when a malicious file is downloaded), making them completely blind
to non-malware attacks. NGAV closes this gap by taking on a more proactive
stance to cyber defense. It monitors the activity of applications and services,
including communications between processes, inbound and outbound network
traffic, unauthorized requests to run applications, and changes to credentials or
permission levels. By analyzing these relationships and clustering events, NGAV
can identify abnormal behavior which can be tagged, flagged and automatically
shut down before the attackers can achieve their goals.
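
The contrast drawn above, between a point-in-time file check and monitoring relationships between processes, is shown here as an added example; it is not code from the article or from any Carbon Black product. The events are constructed, their field names follow Sysmon process-creation events, and the blocklist and process groups are assumptions chosen for illustration.

```python
import ntpath

# Constructed, simplified process-creation events (not real telemetry).
# Field names follow Sysmon Event ID 1: Image, ParentImage, CommandLine.
OFFICE = r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"
PWSH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"
EVENTS = [
    {"Image": OFFICE, "ParentImage": EXPLORER,
     "CommandLine": "WINWORD.EXE /n report.docx"},
    {"Image": PWSH, "ParentImage": OFFICE,
     "CommandLine": "powershell.exe -NoProfile -enc <constructed-placeholder>"},
    {"Image": PWSH, "ParentImage": EXPLORER,
     "CommandLine": "powershell.exe -ExecutionPolicy RemoteSigned -File backup.ps1"},
]

# Assumed rule data: a stand-in signature list and two process groups.
KNOWN_BAD_FILES = {"dropper.exe"}
CONTENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                "chrome.exe", "firefox.exe", "iexplore.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def base(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path).lower()


def file_based_alerts(events):
    """Point-in-time view: alert only if the launched binary is known-bad."""
    return [e for e in events if base(e["Image"]) in KNOWN_BAD_FILES]


def has_encoded_flag(command_line):
    """True if any switch is a prefix of -EncodedCommand (-e, -enc, ...)."""
    return any(t.startswith("-") and len(t) > 1
               and "encodedcommand".startswith(t[1:])
               for t in command_line.lower().split())


def behavioral_alerts(events):
    """Relationship view: content-handling app launching a native interpreter."""
    alerts = []
    for e in events:
        parent, child = base(e["ParentImage"]), base(e["Image"])
        if parent in CONTENT_APPS and child in INTERPRETERS:
            reasons = [f"{parent} spawned {child}"]
            if has_encoded_flag(e["CommandLine"]):
                reasons.append("encoded command line")
            alerts.append((e["CommandLine"], reasons))
    return alerts
```

Every binary in the sample is a trusted, signed program, so the file-based check returns nothing, while the lineage rule flags the one event where Word launches PowerShell and leaves the administrator's own PowerShell session alone.
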
In today’s rapidly
digitized world, security adoption should be a critical driver for modern
businesses. With so much valuable data and intellectual property stored within
organizations, the stakes are too high for cybersecurity to be an afterthought.
Strategic cybersecurity planning should permeate every level of an organization
and educating employees on cyber risks is critical to establishing and
maintaining good security hygiene.
[1] Security Intelligence, 2016 Ponemon Institute Cost of a Data Breach Study, 15 June 2016