A new article in Dark Reading reports that, for the first time since tracking of cyber attacks began, “file-less” or “malware-free” attacks outnumbered file-based attacks. In 2019, 51% of attacks were “malware-free,” compared to 49% that relied on a piece of malware. The malware-free share was up from 40% in 2018.
The definition of a malware-free attack includes methods such as stolen credentials and legitimate tools used to gain access, as well as newer, sophisticated memory-based attacks, including return-oriented programming (ROP) and buffer overflow attacks.
This new statistic is alarming because traditional security tools rely on a file being transmitted, which they scan for malicious intent. A file-less attack bypasses these traditional security methods. The belief is that cyber criminals are increasingly using malware-free attacks because most organizations have weaker security capabilities against them.
In addition, memory-based and file-less attack techniques cannot be detected or protected against using legacy host-based security solutions like Web Application Firewalls (WAF) and Endpoint Detection and Response (EDR). Legacy host-based or perimeter security solutions do not have visibility into application execution and cannot deterministically protect against memory-based attacks; detecting these advanced threats requires knowledge of how applications function when executing correctly.
This makes runtime application protection a necessity as a last line of defense to protect against the new generation of cyber-attacks.
Memory-based attack protection is one of K2 Platform’s unique features. K2 Cyber Security has developed a patented deterministic technique of optimized control flow integrity (OCFI) that creates a unique “DNA” map of the application. The “DNA” map is used during runtime to validate that the application executes as designed, and it alerts on deviations from correct execution caused by memory-based attacks.
Read more about K2’s memory-based attack protection.
If you’re looking for an application security solution that meets today’s needs for security, with true zero-day attack detection and no false alerts, you can request a demo or follow up from our sales team.