How is malware getting in?
Across the IR cases handled by the CrowdStrike team, the most prevalent ways attackers first gained a foothold in a target environment were: web server, web application, web shell exploits or file uploaders (37%); remote access (23%); supply chain compromise (12%); social engineering such as phishing (11%); cloud-based service exploits and attacks against externally accessible email portals or other unauthorised access (11%); and reconnaissance only or other (6%).
Malware-free attacks made up the majority of attacks (66%). CrowdStrike defines malware-free attacks as those where the initial tactic did not result in a file or file fragment being written to disk. Examples include attacks where code executes from memory or where stolen credentials are used for remote logins.
Attackers can also exploit inherent weaknesses in the client IT infrastructure, which present intrusion opportunities for attackers who do not want to leave traces of their