Malware-less Threats Against Endpoints Start to Crest in 2017

When it comes to what threatens endpoints—and the users behind them—malware-less threats are on a significant rise.

According to research from the SANS Institute, the most common threats seen by respondents' organizations include spyware (50%), ransomware (49%) and trojans (47%). Yet almost one-third of respondents also experienced a malware-less threat entering their organization, impacting IT systems and adding to IT staff workload.

These attacks are more difficult to find because they can't be detected by signature-based technologies. Scripting attacks were the most common malware-less incident, while credential compromise or privilege escalation caused the most impact.

Few of the threats respondents faced were new zero-day threats, with 76% admitting that under 10% of the significant threats they saw were zero-day.

"Today's threats predominately leverage the same old vulnerabilities and techniques," said Lee Neely, SANS analyst, mentor instructor and author of the survey report. "The time is ripe to change our protections as well as remediation processes to stem the tide of successful threat vectors."

Phishing was cited as the most common threat by 72% of respondents, and about 40% of survey respondents said they have been impacted by phishing attacks, including spearphishing and whaling, in the last year.

"Users and their endpoints are still in the cross hairs," said Neely. "Traditional and malware-less threats keep popping up at every corner, making our jobs as defenders resemble an ongoing game of Whack-a-Mole to keep them at bay."

Users are also part of the solution, with 37% of respondents indicating that calls to the help desk helped them discover their most impactful threats. According to the survey results, user training, improved operational security practices and improved visibility into network and endpoint behavior are the top measures to improve threat prevention success and reduce the need to play Whack-a-Mole.
