What is a Non-Malware (or fileless) attack?
Virtually every organization was targeted by a non-malware attack in 2016, and this year will be no different. The global emergence and continued growth of non-malware attacks will be a major security pain point in 2017, testament to the increasingly sophisticated attack methodologies employed by hackers today.
Non-malware attacks, also known as fileless attacks, are so dangerous because they work. These attacks leverage on trusted, native operating system tools such as PowerShell or exploit running applications, such as web browsers and Office applications, to conduct their malicious behavior. The nature of these attacks allow hackers to gain control of computers without downloading any malicious files, which means that they can bypass detection by traditional antivirus (AV) software, which was designed to stop malicious files only.
Research by Carbon Black found that 98% of security researchers encounter at least one non-malware attack a month but only one-third are confident that traditional AV can protect their organizations from this form of attack.By employing this stealthy technique to penetrate systems and steal data, cyber criminals can stay virtually undetected while they extract valuable information from organizations over prolonged periods of time, causing more damage than ever before. According to the 2016 Ponemon Cost of a Data Breach Study, the average cost of a successful breach is $4 million – a catastrophic sum that will put a significant strain on resources for any organization.