13 March 2020

Cyberattack Update From 2019 – Decline In The Use Of Malware!

Foley & Lardner


Darkreading.com reported, from the “CrowdStrike 2020 Global Threat Report,” that for “the first time in CrowdStrike's research and incident response engagement reporting, so-called ‘malware-free’ attacks edged ahead of malware-based ones, at 51% to 49% in 2019. In 2018 and 2017, malware accounted for around 60% of all attacks globally, and malware-free attacks around 40%, according to CrowdStrike's data.” The March 4, 2020 report entitled “Most Cyberattacks in 2019 Were Waged Without Malware” included these comments:

Seasoned cybercriminals and nation-state attackers for some time now have been upping their game with new methods to mask their activities from security tools by blending in and posing as real users in the targeted organization's network - using stolen credentials and running legitimate tools to dig through victim systems and data, for instance.

A malware-free attack in CrowdStrike's parlance is one where the method to gain entry into a victim organization doesn't employ a malicious file or file fragment to a computer disk.

In addition to stolen credentials or legitimate tools, this type of attack also can execute code from memory and can only be detected with higher-level tools and techniques that spot unusual behavior, or via threat hunting.

Actually I’m not surprised, are you?
