What Is a Non-Malware (or Fileless) Attack?

By Kane Lightowler, Managing Director, Asia Pacific & Japan, Carbon Black

Virtually every organization was targeted by a non-malware attack in 2016, and this year will be no different. The global emergence and continued growth of non-malware attacks will be a major security pain point in 2017, testament to the increasingly sophisticated attack methodologies employed by hackers today.

Kane Lightowler, MD, Carbon Black

Non-malware attacks, also known as fileless attacks, are so dangerous because they work. These attacks leverage on trusted, native operating system tools such as PowerShell or exploit running applications, such as web browsers and Office applications, to conduct their malicious behavior. The nature of these attacks allow hackers to gain control of computers without downloading any malicious files, which means that they can bypass detection by traditional antivirus (AV) software, which was designed to stop malicious files only.

Research by Carbon Black found that 98 percent of security researchers encounter at least one non-malware attack a month but only one-third are confident that traditional AV can protect their organizations from this form of attack.

By employing this stealthy technique to penetrate systems and steal data, cyber criminals can stay virtually undetected while they extract valuable information from organizations over prolonged periods of time, causing more damage than ever before.

According to the 2016 Ponemon Cost of a Data Breach Study[1], the average cost of a successful breach is US $4 million – a catastrophic sum that will put a significant strain on resources for any organization.

Moving beyond legacy AV

An alarming number of organizations today are still relying on traditional AV as their only form of protection. This is no doubt correlated with the increased number of successful and profitable breaches in the recent years. Small medium enterprises (SMEs) too, are not spared from these assaults. In fact, we are seeing a trend wherein attackers exploit the weaker defense capabilities of SMEs as an entry point to the multi-national corporations (MNCs) they work with.

Here’s the bottom line: organizations will be attacked. And when it happens, they should be confident that their cybersecurity capabilities can prevent the attacks, detect them and, if necessary, respond before attackers can do any real damage. To do this, there needs to be a paradigm shift in organizations’ approach to security investments and for IT teams to do a much-needed reality check on their current defense capabilities.

Just as cyber criminals are constantly evolving their methods of attack to bypass standard proprietary capabilities, organizations need to be enhance their defense to match the current threat landscape. This means moving away from legacy AV and adopting a new line of defense that has been specifically developed to address sophisticated threats.

A new paradigm in cybersecurity

The new model of prevention, known as next-generation antivirus (NGAV), is a radically different approach to cybersecurity. Traditional defenses like legacy AV and machine-learning AV are designed to only identify threats at a single point in time (i.e. when a malicious file is downloaded), making them completely blind to non-malware attacks. NGAV closes this gap by taking on a more proactive stance to cyber defense. It monitors the activity of applications and services, including communications between processes, inbound and outbound network traffic, unauthorized requests to run applications, and changes to credentials or permission levels. By analyzing these relationships and clustering events, NGAV can identify abnormal behavior which can be tagged, flagged and automatically shut down before the attackers can achieve their goals.

In today’s rapidly digitized world, security adoption should be a critical driver for modern businesses. With so much valuable data and intellectual property stored within organizations, the stakes are too high for cybersecurity to be an afterthought. Strategic cybersecurity planning should permeate every level of an organization and educating employees on cyber risks is critical to establishing and maintaining good security hygiene.