WikiLeaks’ CIA revelations highlight emergence of non-malware attacks

The recent leaks of classified CIA information have very real implications for the entire security community. Given the ubiquity of mobile phones and IoT devices, there’s a strong possibility that more hackers will use the revealed tools and vulnerabilities on a mass scale.

There are fears that the disclosure of the hacking tools used by the CIA could reasonably be expected to cause serious damage to any country’s national security. There are also claims that it would allow hostile entities to discover and take control of the current intelligence gathering methods used by the CIA.

Some of the tools that could be utilised are outlined in the Carbon Black 2016 threat report, including non-malware, or fileless, attacks. Non-malware attacks are capable of gaining control of computers without downloading any files, using trusted native operating system tools such as Windows PowerShell as the execution vector. PowerShell has been installed by default on all Microsoft operating systems since Windows Vista. After leveraging PowerShell, attackers exploit running applications, such as web browsers and Office applications, to conduct malicious behaviour.

Non-malware attacks pose a significant risk to organisations because these kinds of attacks are often successful and have been on the rise of late. In its study, Carbon Black released research encompassing data from more than 1,000 customers. The research found that instances of severe non-malware attacks grew throughout 2016. Additionally, over a 90-day period about one-third of organisations encountered at least one severe non-malware attack.

In the UK, cyber-crime is overtaking traditional crime and is one of the top five risks faced by businesses and individuals, and hackers are now turning their focus to smaller businesses. Although a cyber attack on a smaller enterprise is unlikely to create the same level of publicity garnered by the hacking of a multinational such as Yahoo, Tesco or TalkTalk, it doesn’t mean SMEs are safe. Data held by small and medium-sized enterprises is becoming increasingly valuable to cyber criminals.

A key aspect to consider with the CIA’s latest leaks is that there will always be new vulnerabilities and new techniques. The goal for leading security vendors (and the security community as a whole) is to quickly remediate them globally. CIOs, wherever they work, need to be alert to the danger posed by both malware and non-malware threats.

The CIA revelations courtesy of WikiLeaks once again reinforce the need for organisations, and individuals, to be vigilant at a time when cybercrime is on the rise and creating huge financial windfalls for cybercriminals. New forms of attack are targeting a wide range of industries, meaning detection and prevention of threats is absolutely paramount in order to keep attackers at bay.

The continued rise of non-malware attacks suggests this will likely be among CIOs’ biggest problems this year and will certainly require very careful monitoring and controlling by security teams. It is clear that CIOs need to make sure they have the right security solution in place, such as a Next-Generation Antivirus (NGAV), which is capable of seeing and stopping both malware and non-malware attacks.

The CIA leaks are a clarion call to security professionals everywhere that attackers will do everything in their power to gain hold of, and monetize, sensitive information. Non-malware attacks are the latest iteration of attackers’ creativity to steal that information. Attackers are evolving. We should be evolving our defences.

By Eric O’Neill, National Security Strategist, Carbon Black
