Malware-Free Cyber Attacks on the Rise

John Lister

Most online attacks don't involve malware, according to newly published figures. It's the first time "fileless techniques" have been in the majority.

The figures come from an annual report by security company CrowdStrike. It says it analyzed its own customer data along with that from investigations into known attackers and data from reported incidents.

According to the report, malware-free attacks made up 51 percent of the total during 2019, up from 40 percent the previous year. The tactics were particularly prevalent in North America, making up 74 percent of attacks. (Source: zdnet.com)

As always with computer security, how you define terms matters the most. CrowdStrike's definition was that malware involves files being written to an attacked machine's disk. That includes familiar attacks such as remotely installing rogue files and software after exploiting a security flaw, or tricking the user into downloading or opening a malicious file.

Stolen Passwords Pay Off

The malware-free attacks cover a range of tactics but the most common are altering data in a computer's memory, or simply using stolen details to remotely log in to a computer or server.

Naturally CrowdStrike presents these claims in the context of its own security products. It says the main takeaway is that people and businesses shouldn't simply rely on traditional antivirus tools that scan files, either on a schedule or in real-time.

Social Engineering: Remote Access and Indian Scammers

Oftentimes the threat is social engineering. An example might be a red-screen virus alert that claims the computer is infected and tells the user to call a 1-800 number to "fix the problem." Searching Google for "i let someone remotely access my computer" or "i gave someone remote access to my computer" will yield countless examples of people who let Indian tech support scammers posing as Microsoft into their machines; the scammers in turn charge exorbitant fees to fix problems that don't exist. In this case, antivirus and a firewall won't help.

Instead, today's threats require more emphasis on behavioral analysis: in other words, security tools learning to look for suspicious activity - though this is especially difficult in social engineering cases.

Ransomware Targets Public Bodies

The report also suggests two other very different trends in attacks. The first is ransomware operators deliberately targeting public bodies such as schools and local governments. The logic seems to be that such victims are less likely to be well-funded enough to deal with attacks, but have a public duty to quickly restore compromised services. That increases the chances they'll pay ransoms.

Contrastingly, attackers working for or backed by nation states are carrying out more sophisticated attacks as well as widening their goals from espionage to actively causing disruption. (Source: crowdstrike.com)

What's Your Opinion?

Do you understand how your chosen security tools work and what threats they target? Do you think ordinary citizens should worry about these developments? Do you think security companies will be able to catch up with attackers or will they always be a step behind?


Comments

Draq

People need to be aware of what companies will and won't do. Microsoft isn't going to reach out to you because they found something anomalous with your machine. An antivirus company isn't going to automatically scan your machine via the web and tell you that you have malware. Not one single service should ever be asking for your password via email. Ordinary citizens should definitely be concerned about scare tactics and phishing. Sites like this one are great for that sort of education. Ignorance can be dangerous.

rohnski

<snip>
It's the first time "fileless techniques" have been in the majority.
</snip>
and
<snip>
CrowdStrike's definition was that malware involves files being written to an attacked machine's disk. That includes familiar attacks such as remotely installing rogue files and software after exploiting a security flaw, or tricking the user into downloading or opening a malicious file.
</snip>

???
How is this "fileless"? You/they are saying files are being saved to the local drive? How is this different than a "normal" malware attack?

Dennis Faas

We've covered the idea of fileless attacks with regard to the Astaroth malware. Please read this article as well as my comments which should help to explain what you're asking.