Over 90 percent of endpoint security incidents involve legitimate binaries

July 3, 2018

By: Brian Jackson

Cybercriminals use a variety of tactics to cloak their activity, including using trusted tools like PowerShell to retrieve and execute malicious code from remote sources.

A new report from eSentire reveals that 91 percent of endpoint incidents detected in Q1 2018 involved known, legitimate binaries.

“eSentire Threat Intelligence data shows heavy use of legitimate Microsoft binaries, such as PowerShell and mshta.exe, popular tools for downloading and executing malicious code in the initial stages of a malware infection,” says Eldon Sprickerhoff, founder and chief security strategist, eSentire. “PowerShell can also be leveraged by adversaries to reduce their on-disk footprint and evade detective controls by operating in memory and obfuscating command-line parameters.”

The report also shows a dramatic increase in attacks targeting popular consumer-grade routers, like Netgear and Linksys (which between them have over three-quarters of the market). Researchers saw a 539 percent increase from Q4 2017 to Q1 2018. Increased targeting of routers was first observed in late 2017, when the Reaper Botnet gained media attention. Additionally, intrusion attempts across industries grew 36 percent, mostly due to DNS manipulation in consumer-grade routers. These attacks allow attackers to redirect victims to malicious infrastructure to achieve a variety of results, including malware and phishing landing pages.

“The increase in attacks against consumer network devices can be attributed to the perceived value in recruiting devices for attacks against businesses, as opposed to leveraging them as potential network entry-points,” says Sprickerhoff.

Other findings are that phishing rose 39 percent across industries, with DocuSign, Office 365, and OneDrive being the most popular lures. Office 365 showed the highest success rate and popularity for attacks, growing fivefold over 2017.

More: https://betanews-com.cdn.ampproject.org/c/s/betanews.com/2018/06/29/security-legitimate-binaries/amp/
