Malware-free Cyber Attacks on the Upswing |

Malware-free Cyber Attacks on the Upswing

File-less techniques accounted for more than half of all attacks with the Indo-Pacific region contributing a quarter of these


A report on cybercrime and the global threat surrounding it claims that malware-free techniques have become more popular with hackers over the past twelve months as these file-less techniques accounted for 51 percent of all attacks compared with 40 percent the previous twelve months.

More than half the attacks last year leveraged malware-free techniques as hackers sought stolen credentials to breach corporate networks, says the Global Threat Report released by CrowdStrike, a leading provider of endpoint protection.

More than half of attacks last year leveraged file less or "malware-free" techniques, as hackers turn to stolen credentials in their efforts to breach corporate networks. The telecommunications industry also saw increased attacks from threat actors such as those from China and North Korea, which targeted the sector for its intellectual property and competitive intelligence, it said.

The report said that during 2019, financially motivated cybercrime occurred on a continuous basis during the past twelve months with CrowdStrike observing an increase in incidents of ransomware, maturation of tactics used and heightening ransom demands from criminals, who conducted more data exfiltration.

The malware-free tactics were witnessed more in North America that accounted for close to three-fourths of all such attacks globally. The techniques accounted for about a quarter of crime in the Indo-Pacific region, the report said.

“2019 brought an onslaught of new techniques from nation-state actors and an increasingly complex eCrime underground filled with brazen tactics and massive increases in targeted ransomware demands. As such, modern security teams must employ technologies to detect, investigate and remediate incidents faster with swift preemptive countermeasures, such as threat intelligence, and follow the 1-10-60 rule,” said Adam Meyers, vice president of Intelligence at CrowdStrike in a press statement.

Other notable highlights from the 2020 Global Threat Report include:

  • The trend toward malware-free tactics accelerated, with malware-free attacks surpassing the volume of malware attacks. In 2019, 51% of attacks used malware-free techniques compared to 40% using malware-free techniques in 2018, underscoring the need to advance beyond traditional antivirus (AV) solutions.
  • China continues to focus many operations on supply chain compromises, demonstrating the nation-state’s continued use of this tactic to identify and infect multiple victims. Other targeting of key U.S. industries deemed vital to China’s strategic interests — including clean energy, healthcare, biotechnology, and pharmaceuticals — is also likely to continue.
  • The industries at the top of the target list for enterprise ransomware (Big Game Hunting) observed were local governments and municipalities, academic institutions, the technology sector, healthcare, manufacturing, financial services and media companies.
  • In addition to supporting currency generation, DPRK’s targeting of cryptocurrency exchanges could support espionage-oriented efforts designed to collect information on users or cryptocurrency operations and systems. In addition, CrowdStrike Intelligence suspects that DPRK has also been developing its own cryptocurrency to further circumvent sanctions.

The annual report's assessment of the threat landscape is based on its analysis of data collected from more than 3 trillion events per week across 176 countries, consult from its intelligence team that tracks 131 adversaries including nation-state and hacktivist actors as well as Falcon OverWatch threat hunters, and findings from its investigations of incident responses in 2019. 

TAGS: malware, Cybercrime, CrowdStrike, ecrime