informa
Quick Hits

One-Third of Businesses Hit with Malware-less Threats

Scripting attacks, credential compromise, privilege escalation, and other malware-less threats affect IT systems and add to staff workload.

Malware-less attacks affect nearly one-third of businesses, the SANS Institute found in a new survey on the threat landscape. Nearly one-third of respondents reported a malware-less threat entering their organizations, affecting IT staff and increasing workloads.

These attacks are harder to find and address because they cannot be detected by signature-based technologies. SANS found scripting attacks are the most common malware-less incident, and credential compromise and privilege escalation caused the largest impact.

The most common threats seen among businesses were phishing (72%), spyware (50%), ransomware (49%), and Trojans (47%). Phishing caused the greatest damage. Few respondents face zero-day threats; 76% said less than 10% of significant threats they faced were zero-days.

"Today's threats predominately leverage the same old vulnerabilities and techniques," said report author and SANS analyst Lee Neely in a statement. "The time is ripe to change our protections as well as remediation processes to stem the tide of successful threat vectors."

Read more details here.

Recommended Reading: