Nmedia - Fotolia

Non-malware attacks pose bigger threat than malicious software

Malware-free cyber attacks are on the rise and artificial intelligence in cyber security is still far from replacing humans, according to most cyber security researchers

Non-malware attacks pose a greater risk to business than commodity malware, according to 93% of more than 400 cyber security researchers polled by security firm Carbon Black.

Nearly two-thirds of respondents said they had seen an increase in non-malware attacks since the beginning of 2016, according to the research report.

These non-malware attacks are increasingly using native system tools, such as Microsoft’s Windows PowerShell, to conduct nefarious actions, researchers reported.

Some researchers believe non-malware attacks will become so widespread and target even the smallest businesses that users will become familiar with them.

While most users seem to be familiar with the idea that their computer or network may have accidentally become infected with a virus, researchers said users rarely consider proactive and targeted attacks.

The survey also revealed that 87% of cyber security researchers do not yet trust artificial intelligence (AI) and machine learning (ML) to replace human decision making in security.

AI is considered by most cyber security researchers to be in its nascent stages and not yet able to replace human decision making in cyber security.

Some 87% of the researchers said it was likely to take at least three more years of refinement before AI could be trusted to lead cyber security decisions.

Three-quarters said AI-driven cyber security solutions were still flawed, while 70% said security systems driven by machine learning (ML) could be bypassed by attackers. Nearly a third said attackers could “easily” bypass ML-driven security.

Read more about AI and cyber security

Cyber security talent, resourcing and trust in executives continue to be top challenges plaguing many businesses, the research report said.

“Based on how researchers perceive current AI-driven security solutions, cyber security is still very much a ‘human vs human’ battle, even with the increased levels of automation seen on both the offensive and defensive sides of the battlefield,” said Michael Viscuso, Carbon Black co-founder and CTO.

“The fault with machine learning exists in how much emphasis organisations may be placing on it and how they are using it,” he said.

While static, analysis-based approaches relying exclusively on files have historically been popular, Viscuso said they had not proven sufficient for reliably detecting new attacks. “Rather, the most resilient ML approaches involve dynamic analysis, which evaluates programs based on the actions they take.”

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close