The recent alarming rise in malware and ransomware attacks has resulted in numerous informative reports generating awareness among the general public and cautioning them about malicious activities. A common misconception, however, is that hackers rely on malware to obtain sensitive user data, including personal and financial information. Security researchers have now disclosed that cybercriminals rarely use malware beyond the initial breach of users' systems.
According to a new report by security firm LightCyber, cybercriminals use "sophisticated tools" or "cyber weapons" to compromise networks and steal information. "While malware is a part of their arsenal, it's typically used during the intrusion phase, rather than the active phase of an attack. Instead, attackers leverage hacking, admin, and remote access tools to expand across the network, take over more machines, and obtain sensitive data," the firm said.
The report found that 99% of "internal network reconnaissance and lateral movement" came from "legitimate" applications such as scanners and riskware, not from malware. LightCyber also pointed out that hackers make use of IT admin tools such as network monitoring software and remote desktop access tools, as well as networking and hacking tools, to obtain access to data. The firm cautioned: "By using these tools, attackers can remain undetected for months and quickly regain access even if the malware used to enter the network is identified and removed."
Unfortunately, given the anonymous nature of the data analysed, the odds of identifying and breaking down security threats geographically are slim to none. However, LightCyber says the data samples it gathered "ranged in size from 1,000 to 50,000, spanning industries such as finance, healthcare, transportation, government, telecommunications, and technology".
According to the report, malware detection tools are "almost entirely fruitless" at identifying what attackers do once they are inside a system. LightCyber also revealed that hackers exploit ubiquitous applications such as web browsers and native OS tools when conducting attacks. "In fact, web browsers like Chrome, Internet Explorer, and Firefox accounted for a sizeable amount of command and control activity," the firm said.
The firm advises organisations to employ threat investigative techniques that research the varied cyber weapons hackers use to deploy attacks. "To thwart attacks, organisations need to effectively monitor the entire 'attack kill chain'. By implementing defence-in-depth based on detecting anomalous attack behaviour as well as enforcing perimeter and endpoint prevention, organisations can stop the attacker at any stage of an attack and make sure that if one safeguard fails, another one can prevent a costly breach," LightCyber said.
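The kind of behavioural detection LightCyber describes, catching legitimate admin tools used in abnormal ways rather than matching malware signatures, can be illustrated with a small baseline-deviation check over internal connection logs. The script below is an added example, not code from the report or from LightCyber; the log lines, host names, the set of processes treated as remote-admin tools, and the fan-out threshold are all constructed assumptions for illustration.

```python
"""Baseline-deviation detection over internal connection logs.

Flags two behaviours that signature-based malware detection does not see:
a remote-admin tool appearing on a host that never used it, and one host
fanning out to many internal machines it has never contacted before.
"""
from collections import defaultdict
from dataclasses import dataclass

# Processes treated as remote-admin / remote-access tools (assumption for this example).
REMOTE_ADMIN_TOOLS = {"mstsc.exe", "psexec.exe", "winrm.exe", "teamviewer.exe"}

# Constructed sample logs, not taken from the LightCyber report.
# Fields: timestamp  source-host  destination-host  process  destination-port
BASELINE_LOG = """
2016-07-01T09:00:01 ws-017 fileserver-01 explorer.exe 445
2016-07-01T09:05:12 ws-017 mail-01 outlook.exe 443
2016-07-01T09:06:40 ws-042 fileserver-01 explorer.exe 445
2016-07-01T10:11:03 admin-01 ws-017 mstsc.exe 3389
2016-07-01T10:12:44 admin-01 ws-042 mstsc.exe 3389
2016-07-01T10:15:00 admin-01 fileserver-01 mstsc.exe 3389
"""

WINDOW_LOG = """
2016-07-08T02:14:05 ws-017 fileserver-01 explorer.exe 445
2016-07-08T02:15:10 ws-017 ws-042 mstsc.exe 3389
2016-07-08T02:15:31 ws-017 ws-043 mstsc.exe 3389
2016-07-08T02:15:52 ws-017 ws-044 mstsc.exe 3389
2016-07-08T02:16:13 ws-017 ws-045 mstsc.exe 3389
2016-07-08T02:16:34 ws-017 ws-046 mstsc.exe 3389
2016-07-08T09:02:00 admin-01 ws-042 mstsc.exe 3389
2016-07-08T09:30:00 ws-042 fileserver-01 explorer.exe 445
"""


@dataclass(frozen=True)
class Event:
    ts: str
    src: str
    dst: str
    proc: str
    port: int


def parse_log(text):
    """Parse whitespace-separated log lines into Event records."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proc, port = line.split()
        events.append(Event(ts, src, dst, proc, int(port)))
    return events


def build_baseline(events):
    """Per source host: destinations and processes seen in the learning window."""
    dests = defaultdict(set)
    procs = defaultdict(set)
    for e in events:
        dests[e.src].add(e.dst)
        procs[e.src].add(e.proc)
    return dests, procs


def detect(events, baseline, fanout_threshold=5):
    """Return (rule, source_host, detail) alerts for deviations from the baseline."""
    base_dests, base_procs = baseline
    alerts = []
    tool_alerted = set()          # (src, proc) pairs already reported
    new_dests = defaultdict(set)  # per source: destinations absent from baseline
    fanout_alerted = set()
    for e in events:
        # Rule 1: a remote-admin tool used by a host with no history of using it.
        if e.proc in REMOTE_ADMIN_TOOLS and e.proc not in base_procs.get(e.src, set()):
            if (e.src, e.proc) not in tool_alerted:
                tool_alerted.add((e.src, e.proc))
                alerts.append(("new_remote_admin_tool", e.src,
                               f"{e.proc} -> {e.dst} at {e.ts}"))
        # Rule 2: a host reaching many internal machines it never contacted before.
        if e.dst not in base_dests.get(e.src, set()):
            new_dests[e.src].add(e.dst)
            if len(new_dests[e.src]) >= fanout_threshold and e.src not in fanout_alerted:
                fanout_alerted.add(e.src)
                alerts.append(("internal_fanout", e.src,
                               f"{len(new_dests[e.src])} new internal hosts by {e.ts}"))
    return alerts


def run_example():
    """Learn from the baseline week, then score the later window."""
    baseline = build_baseline(parse_log(BASELINE_LOG))
    return detect(parse_log(WINDOW_LOG), baseline)


if __name__ == "__main__":
    for rule, src, detail in run_example():
        print(f"[{rule}] {src}: {detail}")
```

Nothing here inspects a binary: `mstsc.exe` is a legitimate Windows tool in both windows, and `admin-01` using it is never flagged. What fires is the change in who uses it and how widely, which is the anomaly-based layer the report argues must sit alongside perimeter and endpoint prevention.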