Endpoint security risk has become rampant, with 54% of respondents in a Ponemon Institute study saying their company has experienced a successful attack. The most common culprit? Fileless malware.
The survey, which polled 665 IT and security leaders, found that fileless attacks are almost 10 times more likely to succeed than file-based attacks.
Rather than install malicious executable files that antivirus solutions can scan and block, these attacks leverage exploits designed to run malicious code or launch scripts directly from memory, infecting endpoints without leaving easily-discoverable artifacts behind. Once an endpoint has been compromised, these attacks can also abuse legitimate system administration tools and processes to gain persistence, elevate privileges, and spread laterally across the network.
Surveyed organizations estimated that 29% of the attacks they faced during 2017 were fileless attacks, up from 20% the year before. They also projected that proportion to continue to rise next year, with fileless attacks estimated to make up 35% of all attacks in 2018.
According to the responses, 42% of companies experienced one or more fileless attacks that successfully compromised their data or IT infrastructure in 2017. In fact, over three-quarters of reported successful compromises involved fileless techniques.
“This survey reveals that ignoring the growing threat of fileless attacks could be costly for organizations.” said Larry Ponemon, chairman and founder of Ponemon Institute. “The cost of endpoint attacks in the companies represented in this study could be as much as $5 million, making an enterprise-wise endpoint security strategy more important than ever.”
To address the rising threat of fileless attacks, over 50% of organizations looked to replace or augment their existing endpoint security with new tools designed to stop fileless attacks. However, even with the transition to next-generation security, organizations cited protection gaps, high false positive rates and complexity of management as top challenges with new solutions.
False positives, for example, were ranked as the most significant “hidden” cost of endpoint protection comprising 48% of all security alerts. With fileless attacks on the rise, and false positives accounting for almost half of all alerts, it is no surprise that only 36% of organizations report having enough resources to effectively manage it all.
“Based on this research, organizations need a strategy in place to block fileless attacks, which are responsible for the majority of today’s endpoint compromises. To restore their faith in endpoint security, new solutions also need to address the crucial gap in advanced protection without adding unnecessary complexity and alarming false positive rates to endpoint management.” said Mike Duffy, CEO of report sponsor Barkly.