Fileless attacks rising, ransomware going strong: It's time to stop relying on antivirus software alone

A Ponemon Institute report predicts 35 percent of cyberattacks to be fileless in 2018, and these attacks are nearly 10 times more likely to succeed than file-based attacks.
By Jessica Davis
04:34 PM

Fileless attacks are on the rise and traditional antivirus products aren’t doing much to stop the trend, according to a Ponemon Institute report released Wednesday.

In fact, 35 percent of attacks next year will use a fileless cyberattack method.

Ponemon surveyed IT security professionals in the enterprise and found some overarching themes: organizations are reevaluating their relationship with antivirus tech, and attackers are changing their attack methods, according to Jack Danahy, CTO of security firm Barkly.


The majority of respondents found that endpoint security risk has significantly increased over the last year, corresponding with an increase in fileless attacks -- which is further compounding the issue.

Fileless attacks leverage exploits to run malicious code and launch scripts from memory -- instead of from downloaded files. What’s worse is the method doesn’t leave much trace of its existence. And once an endpoint is compromised, attackers are able to elevate privileges and spread through the network.

Even worse: These attacks are nearly 10 times more likely to succeed than file-based attack methods, the report found.

Twenty-nine percent of 2017 attacks were fileless, up about 9 percent from last year, according to respondents. Further, 54 percent of companies experienced one of the more successful attacks that compromised data and/or infrastructure. And 77 percent of these attacks used exploits or fileless methods.

The good news is that these organizations are “finally reevaluating their relationship with antivirus tech,” said Danahy. While some have claimed antivirus software is dead, it’s not. Antivirus has its place, but it’s not sufficient for these common threat actors.

Traditional file-scanning and antivirus software is no longer enough to safeguard against these newer forms of cyberattacks, according to the report. Instead, IT leaders are looking for more innovative tools to protect computers and networks from being compromised.

“But attackers have also watched this market and have found a way around,” said Danahy. “Attackers are changing their tactics… file scanning is an example of that.”

Further, ransomware is still plaguing the sector, with more than half of respondents experiencing a ransomware attack this year. And 40 percent of those were hit with ransomware more than once.

Compounding the issue is that 65 percent of respondents reported they paid the ransom, which the U.S. Department of Health and Human Services, FBI and security researchers all warn against. In fact, organizations that pay are marked on the dark web and can be hit with more attacks in the future.

Another recent global report from Infoblox and Censuswide found that 26 percent of organizations are willing to pay the ransom in the event of a cyberattack. Another 85 percent of U.K. organizations and 68 percent of U.S. respondents actually have a plan in place for payment if a ransomware attack occurs.

And an alarming one-third of healthcare IT professionals don’t know if their organization would pay the ransom or not.

Ransomware and fileless attack methods are finding success given the wide range of medical devices found on a network, in addition to many organizations still running on outdated equipment.

The Infoblox report found that over 40 percent of organizations are running XP or Windows 7 -- systems that are no longer supported by Microsoft. Outdated systems are what gave hackers leverage in the global WannaCry attack in May.

But it’s not all bad news. To Danahy, the shift has already begun, with healthcare organizations finally recognizing the reality that all organizations are potential victims of cybercrime.

“Ransomware was democratizing for cybersecurity awareness,” said Danahy. Many thought it would be the banking or financial industry, but hackers are targeting everyone. “Small practices and local systems are getting equally hit like huge companies.”

The shift may be underway: A number of CIOs and those with fiduciary responsibility are recognizing the risks, and it might be starting to turn, said Danahy.