Written by National Security Strategist, Eric O’ Neill, Carbon Black
A CIO’s job has never been harder. The growth and development of existing and emerging threats are stretching security teams to the breaking point. Non-malware attacks, in particular, are posing a significant risk to organisations.
These non-malware attacks are capable of gaining control of computers without downloading any files and are using trusted, native operating system tools (such as PowerShell) and exploiting running applications (such as web browsers and Office applications) to conduct malicious behaviour.
In December 2016, Carbon Black released research encompassing data from more than 1,000 customers, which found that instances of severe non-malware attacks grew throughout 2016. Over a 90-day period, about one-third of organisations are likely to encounter at least one severe non-malware attack, our research found.
The prevalence and the nature of non-malware attacks make them especially for businesses. Compounding this risk is traditional antivirus (AV), which cannot stop non-malware attacks. Focused exclusively on static malware, AV stay in lockstep with the much more fluid non-malware attacks, which rely on native system tools to remain undetected.
Highlighting this very point, Carbon Black discovered last year the first known instance of PowerShell being used in a ransomware attack with PowerWare. By using PowerShell, PowerWare avoids writing new files to disk and tries to blend in with more legitimate computer activity. Non-malware attacks typically do not require downloading additional malicious files and are capable of conducting extremely nefarious activities such as stealing data, stealing credentials, and spying on IT environments.
Severe non-malware attacks rose steeply in 2016. In the fourth quarter of 2016, Carbon Black customers saw 33% more severe non-malware attacks than they did in the first quarter of the year. A severe non-malware attack is classified as an attack that often includes suspicious command lines, delivering executable code directly to PowerShell and exhibits some type of additional malicious techniques during execution (such as executing dynamically delivered shellcode, reading memory of other processes, or injecting into other running processes). This demonstrates further the severity of the danger.
The threat posed by non-malware is not constrained to only one industry (or even a few industries). CIOs, wherever they work, need to be alert to the danger posed by both malware and non-malware threats.
Carbon Black have identified ransomware as the fastest-growing malware across all industries in 2016, with major percentage increases seen at technology companies, energy/utility companies and banking organisations when compared to the previous year. Although all industries saw the threat increase, the three industries highlighted increased the most.
Illustrating this point is the fact ransomware targeted at technology companies grew 218%, by 112% for energy/utility companies and 93% in banking.
The continued rise of non-malware attacks suggest they will likely be among CIOs’ biggest problem in 2017 and will certainly will require very careful monitoring and controlling by security teams.
In 2017, CIOs need to make sure they have the right security solution in place, such as a Next-Generation Antivirus, capable of seeing and stopping both malware and non-malware attacks.