Yesterday, endpoint protection platform provider FireEye released the results of their Email Threat Report. This report used a sample set of over half a billion emails sent between January 2018 and June 2018 from around the globe. Their results indicate a rise in malware-less email attacks, threatening enterprise perimeters and network security.
According to FireEye, only 32% of emails sent in 1H 2018 were “clean” and actually delivered to an inbox. Simultaneously, 1 in 101 emails carried malware or had a malicious motive. FireEye also discovered:
- 90% of attacks blocked during analysis were malware-less.
- 81% of blocked malware-less email attacks were phishing attacks.
- Malware-less email attacks were most likely to occur on Thursdays. They were also more common on the weekend than malware-based attacks.
Malware-less email attacks were born out of hackers’ need to subvert or bypass traditional endpoint protection platforms. Instead of downloading a malicious file à la malware, a malware-less attack uses a computer’s own native processes to disguise its actions. Without a file to scan, malware-less email attacks avoid traditional detection methods. Additionally, because the malicious code hides in a native process, the system considers the malware-less attack “white-labeled.”