Panda Security: Beware Malware-Free Attacks in 2018

[Exterminator]

Panda Security discovered 75 million new malware samples in the first nine months of 2017 alone, but attacks that abuse non-malicious tools are on the rise going into 2018, the firm warned.

The Spanish security vendor claimed in its PandaLabs Annual Report 2017 that it saw around 285,000 samples of new malware each day up to September 20.

In the top 10 for the period were four files related to infamous ransomware WannaCry, as well as two linked to the backdoored version of popular performance optimization tool CCleaner.

The latter campaign dropped in September, targeting tech companies with a watering hole-style attack.

Over 99% of malware spotted by Panda this year was only seen once, meaning the authors change the code with each new infection.

However, the vendor warned that it is “malwareless attacks and attacks that abuse non-malicious tools” that are on the rise for 2018. It cited Verizon stats that in half (49%) of all breaches recorded in its most recent Data Breach Investigations Report, there was no malware involved at all.

These include tools used by network administrators, where the admin account itself has been hijacked by cracking, hacking or guessing log-in credentials.

“I am talking about tools such as Microsoft’s PowerShell, included in the Swiss Army knife of any sysadmin and at the same time being used more and more in hacking attacks,” PandaLabs technical director, Luis Corrons, told Infosecurity.

“As an example, a few weeks ago we discovered an automated attack that was using a mix of different techniques: fileless attack, use of PowerShell, exploits, customized Mimikatz and more just to run a Monero miner in the compromised computers.”

Such new techniques will require IT security teams to get smarter about how they spot and block cyber threats next year, the report claimed.

Threat hunting tools must therefore focus on analyzing the behavior of network users, with machine learning providing an effective way to prioritize potential incidents.

As for other threats on the horizon in 2018, the report highlighted a continued deluge of IoT and mobile threats, ransomware, cyber-propaganda and an increasingly complex cyber-warfare ecosystem with attackers looking to hide their tracks via false flag operations.