"Three-Fifths of Cyberattacks in 2021 Were Malware-Free"

Security researchers at CrowdStrike have found that ransomware-related data leaks surged by 82% year-on-year in 2021, but most cyberattacks involved no malware at all.  The researchers found that 62% of attacks were compromised of “non-malware, hands-on-keyboard activity.” That means threat actors use legitimate credentials to access networks and then “living off the land” techniques to achieve lateral movement once inside.  The researchers stated that such tactics help adversaries bypass detection by legacy tools, but not current network monitoring and other behavior-based security.  The researchers noted that these tactics may partly explain the surge in highly targeted ransomware attacks against high-value organizations, known as “big-game hunting.” The researchers said the number of such attacks leading to data leaks rose from 1474 in 2020 to 2686 last year.  This amounts to over 50 targeted ransomware events per week.  

Infosecurity reports: "Three-Fifths of Cyberattacks in 2021 Were Malware-Free"