99 percent of post-intrusion cyberattack activities did not employ malware, but rather admin, networking and remote access tools. The most common hacker objective related to attacks were an attempt to scout out a company s network, followed by lateral movement and then command-and-control communication. LightCyber 2016 Cyber Weapons Report gathered data during a six-month period on organizations that ranged in size from 1,000 to 50,000 endpoints, spanning industries such as finance, healthcare, transportation, government, telecommunications and technology.
Source: https://threatpost.com/most-post-intrusion-cyber-attacks-involve-everyday-admin-tools/119046/