Once they have breached a system, most hackers no longer need malware, according to a new study by LightCyber, a provider of Behavioral Attack Detection solutions.

According to the company’s Cyber Weapons Report 2016, 99 percent of post-intrusion cyberattack activities used standard networking, IT administration and other tools.

“While malware was commonly used to initially compromise a host, once inside a network malicious actors did not typically utilize malware,” the company said in a statement. “As an example, Angry IP Scanner, an IP address and port scanner, was the most common tool associated with attack behavior, followed closely by Nmap, a network discovery and security auditing tool.”

The company said attackers use common networking tools to help avoid detection. LightCyber cited industry reports that said sophisticated attackers using these tools can work undetected for an average of five months.

The study was conducted over six months and involved organizations that ranged in size from 1,000 to 50,000 endpoints, spanning industries including finance, health care, transportation, government, telecommunications and technology.

Click here for a complete copy of the report: Cyber Weapons Report 2016

[ Image courtesy of Pixabay ]