FireEye Unveils Epidemic of Malware-Less Email Attacks

FireEye Unveils Epidemic of Malware-Less Email Attacks

Yesterday, endpoint protection platform provider FireEye released the results of their Email Threat Report. This report used a sample set of over half a billion emails sent between January 2018 and June 2018 from around the globe. Their results indicate a rise in malware-less email attacks, threatening enterprise perimeters and network security.

According to FireEye, only 32% of emails sent in 1H 2018 were “clean” and actually delivered to an inbox. Simultaneously, 1 in 101 emails carried malware or had a malicious motive. FireEye also discovered:

  • 90% of attacks blocked during analysis were malware-less.
  • 81% of blocked malware-less email attacks were phishing attacks.
  • Malware-less email attacks were most likely to occur on Thursdays. They were also more common on the weekend than malware-based attacks.

Malware-less emails attacks were born out of hackers’ need to subvert or bypass traditional endpoint protection platforms. Instead of downloading a malicious file a la malware, a malware-less attack will use a computer’s own native processes to disguise their actions. Without a file to scan, malware-less email attacks avoid traditional detection methods. Additionally, by hiding the malicious code in a native process, the malware-less attack is considered “white-labeled” by the system.

You can read more about the FireEye Email Threat Report and malware-less email attacks here. You can also read about the rise of fileless malware attacks here.   

Other Resources: 

You Need to Hire More Female Cybersecurity Professionals

In Focus: The Desperate Shortage of Women in Cyber Security

Gartner’s 2018 Magic Quadrant for Endpoint Protection Platforms (EPP): What’s Changed?

4 Tips For Endpoint Security Solutions (That Everyone Forgets)

Comparing the Top Endpoint Security Vendors — Solutions Review

Answering the Top 4 Enterprise Endpoint Security Questions

What Can We Expect for the Future of Endpoint Security?

Six Endpoint Security Vendors to Watch in 2018

The 25 Best Endpoint Security Platforms and Tools of 2018

Ben Canner
Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me

Leave a Reply

Your email address will not be published. Required fields are marked *