Non-malware attacks ‘rose significantly in 2017’


Non-malware cyber attacks made up 52 per cent of all hacks seen in 2017, according to new research by Carbon Black.

The company found that non-malware attacks are increasing at a rate of 6.8 per cent per month.

Ransomware was one of the biggest threats to businesses last year, with recent research by Cybersecurity Ventures estimating it to be a $5 billion (£3.6 billion) crime in 2017.

The scale of the increase is clear from earlier figures: the 2016 estimate was $850 million and, further emphasising how ransomware has grown in popularity among hackers, the 2015 estimate was just $24 million.

Carbon Black found that ransomware attackers most often targeted technology companies, government and non-profit organisations, and legal firms in 2017.

Meanwhile, financial services firms, healthcare providers, and retailers were the three types of organisation most often targeted by cyber attacks leveraging malware in 2017.

In the Carbon Black 2017 Threat Report, the company said: “Ransomware, combined with the continued ubiquity of mass malware and non-malware attacks, is creating a vast attack surface for cyber attackers, who are getting more creative and persistent.”

Explaining how non-malware attacks are distributed, Carbon Black said they use trusted programs that are native to operating systems to gain control of computers. These attacks typically do not require downloading additional malicious files and are capable of conducting “extremely nefarious activities”, including stealing data and credentials, as well as spying on IT environments.

Non-malware attacks are also known to exploit in-memory access and running applications, such as web browsers and Office applications, to conduct malicious behaviour. Carbon Black pointed to a survey it conducted, which found that 93 per cent of security researchers said non-malware attacks pose more of a business risk than commodity malware attacks.