Cybercriminals take the path of least resistance — which is why more of them are adopting fileless attacks to target their victims. The threat is poised to grow as attackers recognize the ease of this method and more employees rely on mobile and cloud to do their jobs.
Fileless, or non-malware, attacks let threat actors skip the steps involved with traditional malware-based attacks. They don’t need to create payloads; they can simply use trusted programs to exploit in-memory access. In 2017, fileless malware attacks leveraging PowerShell or Windows Management Instrumentation tools made up 52% of all attacks for the year.
Yet businesses still aren’t paying attention.
“Our focus in this industry is still on traditional attack vectors we’ve been dealing with for most of our careers,” says Heath Renfrow, CISO at Leo Cyber Security.
It’s time for businesses to take a closer look at how these threats work, how they can be detected, why they’re predicted to grow, and the steps they can take to protect themselves.