Nmedia - Fotolia

Non-malware attacks pose bigger threat than malicious software

Malware-free cyber attacks are on the rise and artificial intelligence in cyber security is still far from replacing humans, according to most cyber security researchers

Non-malware attacks pose a greater risk to business than commodity malware, according to 93% of more than 400 cyber security researchers polled by security firm Carbon Black.

Nearly two-thirds of respondents said they had seen an increase in non-malware attacks since the beginning of 2016, according to the research report.

These non-malware attacks are increasingly using native system tools, such as Microsoft’s Windows PowerShell, to conduct nefarious actions, researchers reported.

Some researchers believe non-malware attacks will become so widespread and target even the smallest businesses that users will become familiar with them.

While most users seem to be familiar with the idea that their computer or network may have accidentally become infected with a virus, researchers said users rarely consider proactive and targeted attacks.

The survey also revealed that 87% of cyber security researchers do not yet trust artificial intelligence (AI) and machine learning (ML) to replace human decision making in security.

AI is considered by most cyber security researchers to be in its nascent stages and not yet able to replace human decision making in cyber security.

Some 87% of the researchers said it was likely to take at least three more years of refinement before AI could be trusted to lead cyber security decisions.

Three-quarters said AI-driven cyber security solutions were still flawed, while 70% said security systems driven by machine learning (ML) could be bypassed by attackers. Nearly a third said attackers could “easily” bypass ML-driven security.

Read more about AI and cyber security

  • Former Google chief says artificial intelligence could be applied in internet of things security, but the technology is still a long way from Hollywood scenarios.
  • Artificial intelligence-led cyber security technology has been in the spotlight at two major industry conferences in Las Vegas, signalling a firm trend in cyber defence research.
  • Cyber attackers are turning to machine learning to create smarter attacks, and defenders will require similar technology to detect them, warns Darktrace.

Cyber security talent, resourcing and trust in executives continue to be top challenges plaguing many businesses, the research report said.

“Based on how researchers perceive current AI-driven security solutions, cyber security is still very much a ‘human vs human’ battle, even with the increased levels of automation seen on both the offensive and defensive sides of the battlefield,” said Michael Viscuso, Carbon Black co-founder and CTO.

“The fault with machine learning exists in how much emphasis organisations may be placing on it and how they are using it,” he said.

While static, analysis-based approaches relying exclusively on files have historically been popular, Viscuso said they had not proven sufficient for reliably detecting new attacks. “Rather, the most resilient ML approaches involve dynamic analysis, which evaluates programs based on the actions they take.”

Read more on Hackers and cybercrime prevention