Protect against Log4J without patching
Learn More
Protect against Log4J without patching
Learn More

UncategorizedEndpoint Detection and Response | K2 Cyber Security


March 16, 2020 By Timothy Chiu, VP of Marketing
Malware-free Attacks Are Now in the Majority

A new article in Dark Reading reports that for the first time since tracking was started on cyber attacks, attacks that were “file-less” or “malware-free” outnumbered file-based attacks. In 2019, 51%  of attacks were “malware-free” compared to 49% that relied on a piece of malware.  This was an increase from 40% in 2018.

The definition of malware-free attack includes methods like: stolen credentials, legitimate tools used to gain access, as well as newer sophisticated attacks that are memory-based, including return oriented programming (ROP) and buffer overflow attacks.

The reason this new statistic is so alarming is that traditional security tools rely on a file being transmitted that is scanned for malicious intent. When an attack is file-less it bypasses these traditional security methods.  The belief is that cyber criminals are increasingly using malware-free attacks due to the lower security capabilities most organizations have around malware-free attacks.

In addition, memory-based and file-less attack techniques cannot be detected or protected against using legacy host-based security solutions like Web Application Firewalls (WAF) and Endpoint Detection and Response (EDR). Legacy host based or perimeter security solutions do not have visibility into application execution and cannot deterministically protect against memory-based attacks which requires knowledge of how applications function when executing correctly to detect these advanced threats.

This makes runtime application protection a necessity as a last line of defense to protect against the new generation of cyber-attacks.

Memory-based attack protection is one of K2 Platform’s unique features.  K2 Cyber Security has developed a patented deterministic technique of optimized control flow integrity (OCFI) that creates a unique “DNA” map of the application. The “DNA” map is used during runtime to validate that the application executes as designed and alerts on deviations of correct execution caused by memory-based attacks.

Read more about K2’s memory-based attack protection.


If you’re looking for an application security solution that meets today’s needs for security, with true zero-day attack detection and no false alerts, you can request a demo or follow up from our sales team.

Share this

Leave a Reply

Your email address will not be published. Required fields are marked *


K2 Cyber Security delivers the Next Generation Application Security Platform to secure web applications and container workloads against sophisticated attacks in OWASP Top 10 and provides exploitable vulnerability detection during pre-production. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production/QA servers for interactive application security testing to identify the location of the vulnerable code. K2’s solution generates almost no false positives, eliminates breaches due to zero-day attacks, detects attacks missed by traditional security tools like Web Application Firewalls and host based EDR, finds missed exploitable vulnerabilities and dramatically reduces security cost. K2 Cyber Security is headquartered in the USA and provides cyber security solutions globally.


K2 Cyber Security, Inc.

2580 N. First Street, #130

San Jose, CA 95131