Non-malware attacks seen riskier to businesses than commodity malware
A great majority (93%) of cybersecurity researchers said non-malware attacks pose more of a business risk than commodity malware attacks, according to Carbon Black.
Based on interviews with more than 400 leading cybersecurity researchers nearly two-thirds (64%) said they’ve seen an increase in non-malware attacks since the beginning of 2016.
Interviewees reported that non-malware attacks are increasingly leveraging native system tools, such as WMI and PowerShell, to conduct nefarious actions.
Citing one researcher, Carbon Bloack said non-malware attacks will become so widespread and target even the smallest business that users will become familiar with them.
Most users seem to be familiar with the idea that their computer or network may have accidentally become infected with a virus, but rarely consider a person who is actually attacking them in a more proactive and targeted manner.
Also, AI is considered by most cybersecurity researchers to be in its nascent stages and not yet able to replace human decision making in cybersecurity. Nine in every 10 (87%) researchers said it will be longer than three years before they trust AI to lead cybersecurity decisions.
Three quarters (74%) of researchers said AI-driven cybersecurity solutions are still flawed, and 70% said ML-driven security solutions can be bypassed by attackers. Nearly one-third (30%) said attackers could “easily” bypass ML-driven security.
Cybersecurity talent, resourcing and trust in executives continue to be top challenges plaguing many businesses.
“Based on how cybersecurity researchers perceive current AI-driven security solutions, cybersecurity is still very much a ‘human vs. human’ battle, even with the increased levels of automation seen on both the offensive and defensive sides of the battlefield,” said Carbon Black CTO Michael Viscuso.
“And, the fault with machine learning exists in how much emphasis organizations may be placing on it and how they are using it,” said Viscuso. “Static, analysis-based approaches relying exclusively on files have historically been popular, but they have not proven sufficient for reliably detecting new attacks. Rather, the most resilient ML approaches involve dynamic analysis -- evaluating programs based on the actions they take.”