Latest research shows that attackers are holding data for ransom at an alarming rate as they continue to deploy attacks across every industry. Along with the rise of ransomware and mushrooming of mass malware, attackers are increasingly utilising non-malware attacks in attempting to remain undetected and persistent on organisations’ enterprises.
These non-malware attacks are capable of gaining control of computers without downloading any files and are using trusted, native operating system tools (such as PowerShell) and exploiting running applications (such as web browsers and Office applications) to conduct malicious behaviour.
As organisations plan to defend their enterprises against ransomware and non-malware attacks, here’s what to expect in 2017.
1: Non-malware attacks will escalate and become more severe
Attackers are increasingly utilising non-malware attacks in an effort to remain undetected on organisations’ endpoints.
Non-malware attacks leveraging PowerShell and Windows Management Instrumentation (WMI) saw a significant rise in 2016. Additionally, instances of severe non-malware attacks grew throughout 2016. According to recent research, over a 90-day period, about one-third of organisations are likely to encounter at least one severe, non-malware attack.
Deployment of non-malware attacks in the wild has moved, with regularity, into attack campaigns. For example, earlier this year, Carbon Black discovered the first known instance of PowerShell being used in a ransomware attack with PowerWare. By using PowerShell, PowerWare avoids writing new files to disk and tries to blend in with more legitimate computer activity.
The alleged hack against America’s Democratic National Committee (DNC) earlier this year was reported to have leveraged both PowerShell and WMI in order for attackers to move laterally and remain undetected.
As we turn the calendar to 2017, non-malware attacks are at the highest levels I’ve seen and should be a major focus for security defenders during the coming year.
2: The ransomware blitz will continue
While ransomware is more than 30-years-old, it experienced a renaissance of sorts for attackers in 2016. According to recent data, the number of ransomware instances grew by more than 50 per cent in 2016 when compared to 2015.
And while mass malware still accounts for the majority of total malware, ransomware is stealing the headlines. Unfortunately, that’s because it works and has resulted in major paydays for attackers. In 2015, ransomware was a $24 million crime. As we close out 2016, businesses from all industries have lost more than $850 million to ransomware.
Ransomware is quickly evolving in sophistication. Payloads are increasingly infecting hundreds of machines at once, as occurred during the attack against the San Francisco Municipal Transport Agency, where more than 2,000 systems were locked down.
Until organisations unilaterally make prevention of ransomware attacks a top priority, we’ll continue to see ransomware make headlines in 2017.
3: Cyber-security investments will rise on a global scale
Organisations are quickly coming to the realisation that traditional antivirus does very little to stop modern attacks. The proliferation of non-malware attacks has accentuated this issue.
Major global hacks against the several international banking network and the Ukraine power grid, among others, have served as clarion calls that critical infrastructure and worldwide financial systems will continue to be targeted.
In the U.S., alleged attacks against voter databases and the election process have placed a renewed emphasis on cyber security as an issue of national security.
As a result, we will see a significant shift away from traditional antivirus solutions around the globe in 2017 as private organisations and worldwide governing bodies effort to curb the growing trend of attacks seen this year.
Year 2016 was not a good year for cyber defenders, and 2017 is looking like another challenging year. While investments are being made with innovation and deployment, there is still work to do when it comes to cyber-security awareness, preparation, and culture.
We must work to increase our leverage, through employee training, automation, and getting more value out of our security investments. There’s a lot of opportunity to improve in 2017, so let us take some of these predictions and figure out how to make these attacks less likely to cause significant harm.
Article by Ben Johnson, chief security strategist, Carbon Black