Good Tools Increasingly Used in Fileless Attacks, Carbon Black Finds

Banks are among the most targeted industry verticals by cyber-criminals and with good reason—banks are literally where the money is. Security firm Carbon Black released a report on May 22 that provides insights into how hackers are going after banks. The “Modern Bank Heists: Cyberattacks & Lateral Movement in the Financial Sector” report surveyed a select group of 40 chief information security officers (CISOs) at major global financial institutions. Among the top findings in the study is that so-called “good tools” including PowerShell are increasingly being used in non-malware, or “fileless,” attacks. Ransomware is also a challenge, with 90 percent of financial institutions reporting being targeted by ransomware in 2017. In this slide show, eWEEK looks at some of the highlights from Carbon Black’s Modern Bank Heists report.

According to Carbon Black, non-malware, or fileless, attacks now account for more than 50 percent of successful breaches. Among the top tools used for fileless attacks are “good tools” that are intended to be used by developers for legitimate purposes. The most often abused good tool, according to the survey’s respondents, is PowerShell, followed by Windows Management Instrumentation (WMI).

Ninety percent of the financial institutions surveyed by Carbon Black reported being targeted by ransomware in 2017.

With threat hunting, cyber-security professionals actively seek out potential risks within an organization, rather than just waiting for perimeter defenses to identify threats. Thirty-seven percent of financial institutions in the Carbon Black survey reported that they have established threat hunting teams.

Bank hackers aren’t just sitting idly by as financial institutions respond to threats. One quarter of survey respondents reported that attackers adapted and reacted to defender actions with counter incident response efforts.

While ransomware attacks aim to yield a direct financial gain for hackers, Carbon Black found that some attackers have destructive aims. One in 10 respondents reported their financial institutions encountered destructive attacks that included wipers and cryptoware that does not demand ransom.

Looking beyond just direct attacks, 44 percent of respondents to the Carbon Black survey reported that they are concerned with the security posture of their supply chain and technology service providers.

Attacks can come from anywhere in the world, but when asked which country’s cyber-hacking activities are of most concern, the majority of CISOs surveyed by Carbon Black said Russia.