Non-Malware Attacks on the Rise, in the Shadow of Ransomware

Non-Malware Attacks on the Rise, in the Shadow of Ransomware

2016 saw attackers holding data for ransom at an alarming rate; but in conjunction with the rise of ransomware and the continued ubiquity of mass malware, attackers are increasingly utilizing non-malware attacks in an attempt to remain undetected and persistent in organizations’ networks.

According to Carbon Black data, these non-malware attacks are capable of gaining control of computers without downloading any files and are using trusted, native operating system tools (such as PowerShell) and exploiting running applications (such as web browsers and Office applications) to conduct malicious behavior.

In its end-of-year threat report, Carbon Black found that instances of severe non-malware attacks grew throughout 2016. And in any given 90-day period, about one-third of organizations are likely to encounter at least one severe, non-malware attack.

Instances of non-malware attacks leveraging PowerShell and Windows Management Instrumentation (WMI) grew throughout 2016. Such attacks spiked by more than 90% in the second quarter of this year (93.2%) and have stayed at escalated levels since. And, some leading attack campaigns in 2016, including PowerWare and the hack against the Democratic National Committee (DNC) leveraged non-malware attack vectors to carry out nefarious actions.

Meanwhile, the research also found that ransomware, which is on track to be an $850 million business in 2016 according to FBI data, has emerged as the fastest-growing malware across all industries in 2016.

When considering the total amount of ransomware seen this year, manufacturing companies (16% of total ransomware instances), utility/energy companies (15.4% of all ransomware instances) and technology companies (12.6% of all ransomware instances) led the way.

Locky emerged as the go-to ransomware family of 2016, used in one-quarter of all ransomware-based attacks. CryptoWall, CryptXXX, Bitman and Onion (CTB Locker) round out the top five ransomware families seen in 2016.

That said, it’s important to keep things in perspective, the report noted: “While ransomware continues to generate headlines, it is still only a piece of the overall malware scope. Even with its rapid growth, ransomware still only accounts for 2% of total malware seen in 2016. Locky, which was the most prevalent ransomware family seen in 2016 according to Carbon Black data, ranks 13th when stacked against other types of malware.”

Photo © ra2studio

Source: Information Security Magazine