So-called ‘malware-free attacks’—cyberattacks that do not rely on downloadable files or software—now account for 51% of all cyberattacks according to CrowdStrike’s latest threat report. The data, collected in 2019, is up 11% in comparison to the previous year, when only 40% of cyberattacks were carried out in this way.
The trend marks a change in the types of attacks used by cybercriminals, indicating a continued shift away from traditional malware toward a reliance on ransomware and stolen credentials to breach corporate networks, CrowdStrike researchers say.
The threat report also found that the telecommunications industry is especially at risk, with threat actors operating from China and North Korea being known to target the industry for its competitive intelligence and intellectual property.
Furthermore, according to the threat report, the bulk of the increase in malware-free attacks was aimed at North American organizations, which were collectively affected the most by the trend. There, nearly 75% of cyberattacks in 2019 fell into this category.
Malware-free attacks to pose new challenges
According to CrowdStrike, malware-free attacks refer to any attack in which the initial tactic “did not result in a file or file fragment being written to disk”. These include all cyberattacks in which memory-executed code targets a network, or in which stolen credentials are exploited for remote logins.
“Malware-free attacks generally require a wide range of more sophisticated detection techniques to identify and intercept reliably,” the researchers explain, “including behavioral detection and human threat hunting.”
Chris Clements, VP of cybersecurity solutions firm Cerberus Sentinel, takes this definition a step further, pointing out that there is often confusion between the terms ‘malware-free’ and ‘fileless’.
“Malware-free and fileless attacks are two different concepts I would be hesitant to conflate,” he explains. “Malware-free implies the absence of any sort of malicious code, whereas fileless attacks do employ malicious code, but do so only in computer memory, never writing itself as a file to the local hard drive.”
The 2020 CrowdStrike threat report additionally suggests that a rise in malware-free attacks of these kinds is making room for a rise in ransomware attacks more broadly.
As malware-based cyberattacks become less prevalent and malware-free techniques increasingly take their place, the emerging cybercrime landscape poses a new range of challenges for businesses. According to the report, sophisticated ransomware allows data to be exfiltrated from companies, which in turn allows cybercriminals to use sensitive or potentially embarrassing information against a company in exchange for ransom.
Writing about developments in cybersecurity over the course of 2019, the CrowdStrike researchers pointed out that “from U.S. school districts to asset management firms, from manufacturing to media, ransomware attacks affected multitudes of people.”
“This merciless ransomware epidemic will continue, and worsen,” they predict, “as long as the practice remains lucrative, and relatively easy and risk-free.”
CrowdStrike reveals new trends in cybercrime
The CrowdStrike Global Threat Report reveals more than a mere sharp rise in malware-free attacks. Researchers also investigated the financial damage that can result when businesses fall victim to cybercrime, uncovering the extent to which some companies have been affected.
The largest ransom that the researchers found to have been demanded in 2019, for example, was $12.5 million. (This particular incident was associated with an attack using Ryuk ransomware.)
The threat report also found that the top industries to fall victim to enterprise ransomware attacks were local government, education, technology, healthcare, manufacturing, financial services and media.
Additionally, the researchers found that eCrime (all criminal activity that makes use of computers on the Internet, of which malware is only a part) has also been on the rise over the course of the past twelve months. This includes a steady rise in banking Trojan attacks, spambots and point-of-sale attacks.
According to CrowdStrike, when taken together, these trends have the capacity to leave organizations completely inoperable for extended periods of time, reinforcing the need for organizations to have a security strategy in place to protect against eCrime and other cyber threats.
The sharp rise in malware-free attacks demonstrates that cybercrime is a fast-evolving field, and that criminals are increasingly trying to stay one step ahead of developments in cybersecurity and data protection.
To deal adequately with the ever-evolving threat of cybercrime, including malware-free attacks, CrowdStrike recommends that organizations put in place procedures that allow them to detect and respond to cyber threats quickly. According to the researchers, the best procedure to implement is known as the ‘1-10-60 rule’. In essence, this involves:
Spending up to 1 minute in the detection phase when cybercrime strikes;
Spending up to 10 minutes investigating the nature and impact of the breach; and
Spending up to 60 minutes containing and eliminating the threat.
These numbers are by no means arbitrary. According to CrowdStrike, organizations which meet these time thresholds are empirically more likely to stop a cyberattack in its tracks before the breach spreads from its initial point of entry to become an even more serious threat.
By following the ‘1-10-60 rule’, business leaders can therefore expect to minimize the impact of a cyberattack on their employees, customers and operations.
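One way to check incident timelines against the 1-10-60 rule, as an added example that is not code from CrowdStrike or from the report. The field names, the sample incidents and the choice to time each phase from the end of the previous one are assumptions.

```python
from datetime import datetime, timedelta

# phase: (start field, end field, limit in minutes). Limits are the 1-10-60 rule;
# the field names are hypothetical and would map to your ticketing/EDR timestamps.
RULE = {
    "detect": ("intrusion", "detected", 1),
    "investigate": ("detected", "investigated", 10),
    "contain": ("investigated", "contained", 60),
}

def _ts(value):
    return datetime.fromisoformat(value) if value else None

def evaluate(incident, now):
    """Return {phase: status}; status is ok, breach, running or pending."""
    result = {}
    for phase, (start_key, end_key, minutes) in RULE.items():
        start, end = _ts(incident.get(start_key)), _ts(incident.get(end_key))
        if start is None:
            result[phase] = "pending"          # phase has not begun yet
        elif (end or now) - start > timedelta(minutes=minutes):
            result[phase] = "breach"           # also fires while a phase is still open
        else:
            result[phase] = "ok" if end else "running"
    return result

def compliance(incidents, now):
    """Share of incidents that finished all three phases within the limits."""
    met = sum(all(s == "ok" for s in evaluate(i, now).values()) for i in incidents)
    return met / len(incidents) if incidents else 0.0

# Constructed sample incidents (not real data).
SAMPLE = [
    {"id": "INC-1", "intrusion": "2019-06-01T10:00:00", "detected": "2019-06-01T10:00:40",
     "investigated": "2019-06-01T10:08:00", "contained": "2019-06-01T10:50:00"},
    {"id": "INC-2", "intrusion": "2019-06-02T09:00:00", "detected": "2019-06-02T09:05:00",
     "investigated": "2019-06-02T09:12:00", "contained": "2019-06-02T09:40:00"},
    {"id": "INC-3", "intrusion": "2019-06-03T14:00:00", "detected": "2019-06-03T14:00:30",
     "investigated": "2019-06-03T14:09:00"},  # containment still open
]
NOW = datetime(2019, 6, 3, 15, 30)  # fixed "current time" so the run is repeatable

if __name__ == "__main__":
    for inc in SAMPLE:
        print(inc["id"], evaluate(inc, NOW))
    print("compliance:", round(compliance(SAMPLE, NOW), 2))
```

Treating an open phase as a breach once its limit has passed lets the check raise an alert during an incident instead of only grading it afterwards.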