Malware-less attacks affect nearly one-third of businesses, the SANS Institute found in a new survey on the threat landscape. Nearly one-third of respondents reported a malware-less threat entering their organizations, affecting IT staff and increasing workloads.
These attacks are harder to find and address because they cannot be detected by signature-based technologies. SANS found scripting attacks are the most common malware-less incident, and credential compromise and privilege escalation caused the largest impact.
The most common threats seen among businesses were phishing (72%), spyware (50%), ransomware (49%), and Trojans (47%). Phishing caused the greatest damage. Few respondents face zero-day threats; 76% said less than 10% of significant threats they faced were zero-days.
"Today's threats predominately leverage the same old vulnerabilities and techniques," said report author and SANS analyst Lee Neely in a statement. "The time is ripe to change our protections as well as remediation processes to stem the tide of successful threat vectors."
Read more details here.