Global technology company Cisco has published a blog report on the nature of cybersecurity threats to endpoints. The report analysed the causes of several endpoint breaches and drew multiple conclusions about cyberattacks.
According to the report, fileless malware is the most prevalent form of cybersecurity threat, responsible for 30% of all attacks. It is closely followed by dual-use PowerShell tools and credential dumping tools. Together, these top three causes of cyberattacks make up 75% of all threats. The remaining 25% is accounted for by ransomware, worms, and trojan horses.
Fileless malware is malicious code that runs in the system’s memory after infection instead of being written to the hard drive. Kovter and Poweliks are two prominent examples of fileless malware.
Dual-use PowerShell tools, responsible for 24% of total threats, are generally used for penetration testing. However, they can just as easily be used for malicious purposes. Tools like Cobalt Strike and Metasploit can be used for exploitation as well as post-exploitation tasks.
The third most common threat is credential dumping tools, responsible for 21% of total cyberattacks. These tools are used to extract login credentials from compromised computers. One such tool, Mimikatz, was widely reported in 2020.
A peculiar element of this report is that ransomware attacks, which have been rampant this year, account for only 8% of total cyberattacks. In fact, ransomware, trojan horses, and worms together make up only a quarter of all threats.
Severity of threats and tactics employed
Cisco’s analysis also categorised the severity of these cyberattacks into four levels: low, medium, high, and critical. More than 80% of all threats fell into the low or medium severity range.
The report also summarised the tactics used by malicious actors with reference to the MITRE ATT&CK framework. This framework lists the tactics and techniques malware uses to successfully compromise a system: defence evasion, execution, initial access, command and control, and so on. Overall, ‘defence evasion’ was the most common tactic employed by the malware, although most samples used more than one tactic in an attack.