In the first half of 2020, the most common critical-severity cybersecurity threat to endpoints was fileless malware, according to a recent analysis of telemetry data from Cisco.
Fileless threats consist of malicious code that runs in memory after initial infection, rather than being stored as files on the hard drive. Cisco flagged threats like Kovter, Poweliks, Divergent and LemonDuck as the most common fileless malware.
Another prevalent critical threat to endpoints in the first half was dual-use tools that are typically leveraged for both exploitation and post-exploitation tasks. Examples in circulation include PowerShell Empire, Cobalt Strike, PowerSploit and Metasploit, according to Cisco.