SpyCloud Analysis Reveals that Endpoint Detection and Antivirus Options Miss Two-Thirds (66%) of Malware Infections – Newest Hacking Information

Austin, TX, USA, April seventh, 2025, CyberNewsWire

Deep visibility into malware-siphoned information may help shut gaps in conventional defenses earlier than they evolve into main cyber threats like ransomware and account takeover

SpyCloud, the main identification menace safety firm, as we speak launched new evaluation of its recaptured darknet information repository that reveals menace actors are more and more bypassing endpoint safety options: 66% of malware infections happen on units with endpoint safety options put in. SpyCloud gives integrations with main endpoint detection and response (EDR) merchandise, similar to Crowdstrike Falcon and Microsoft Defender, that shut this detection hole.

EDRs play a significant position in detecting, defending towards, and responding to threats on enterprise units. Regardless of superior AI detection and telemetry evaluation supplied in as we speak’s EDR options, trendy infostealer malware is designed to evade even probably the most subtle defenses, utilizing techniques like polymorphic malware, memory-only execution, and exploitation of zero-day vulnerabilities or outdated software program. The info speaks for itself: practically one in two company customers had been already the sufferer of a malware an infection in 2024, and within the 12 months prior, malware was the reason for 61% of all breaches. 

SpyCloud’s findings underscore that whereas EDR and antivirus (AV) instruments are important and block a variety of safety threats, no safety resolution can block 100% of assaults. Organizations must take a layered strategy to shut the gaps earlier than assaults progress deeper into their environments, leading to occasions like ransomware and account takeover.  

“When a malware an infection goes undetected, the implications will be catastrophic,” stated Damon Fleury, Chief Product Officer at SpyCloud. “We’re in an arms race on the endpoint, the place attackers are consistently evolving their techniques to skirt detection. SpyCloud gives a crucial line of protection – uncovering infostealer infections that evade EDRs and AVs, detecting when stolen information begins circulating within the prison underground, and mechanically feeding that intelligence again to the EDR to quarantine the gadget and start the post-infection remediation course of.”

By closing this visibility hole, SpyCloud EDR integrations present a brand new and highly effective safety mechanism. As soon as malware exfiltrates credentials, personally identifiable info (PII), or session cookies, that stolen information turns into a launchpad for additional entrenchment and compromise. SpyCloud helps cease cybercrime earlier than it occurs by figuring out these identification dangers early, mapping them again to impacted customers, units, and purposes, and sending actionable intelligence to a corporation’s EDR for response and remediation.  

“As identification turns into the safety perimeter, organizations want greater than device-level safety; they want perception into what their endpoint options are lacking,” added Fleury. “SpyCloud’s experience in accessing malware logs earlier than they’re broadly circulated amongst criminals allows quicker, extra focused responses wanted to handle infections, forestall lateral motion, and block disruptive follow-on actions like admin lockout and ransomware deployment.”

To study extra about how SpyCloud can increase endpoint safety technique and remediate malware infections that EDRs and AVs could miss, customers can register to affix SpyCloud’s upcoming digital occasion on April 10, the place consultants will stroll by means of the information, clarify the assault chain intimately, and demo how SpyCloud’s EDR integrations work in real-world situations. 

About SpyCloud

SpyCloud transforms recaptured darknet information to disrupt cybercrime. Its automated holistic identification menace safety options leverage superior analytics to proactively forestall ransomware and account takeover, safeguard worker and client accounts, and speed up cybercrime investigations. SpyCloud’s information from breaches, malware-infected units, and profitable phishes additionally powers many widespread darkish internet monitoring and identification theft safety choices. Clients embody seven of the Fortune 10, together with lots of of world enterprises, mid-sized firms, and authorities businesses worldwide. Headquartered in Austin, TX, SpyCloud is residence to greater than 200 cybersecurity consultants whose mission is to guard companies and customers from the stolen identification information criminals are utilizing to focus on them now.

To study extra and see insights, customers can go to spycloud.com.

Contact

Emily Brown
REQ on behalf of SpyCloud
[email protected]