The Fileless Malware Attacks Are Here To Stay
The development methodology of malware has changed drastically, something that cannot be ignored. A few years ago, the primary objective of hackers was to rake in profit and avoid detection. However, these criminals have realized that the longer they hold an infected endpoint, the more money they make.
Then came fileless malware, a kind of cyber-attack that allows attackers to evade detection for much longer than conventional methods. This gives them an upper hand over enterprise security, because most companies use outdated security solutions that are not capable of detecting fileless malware. Small to medium businesses (SMBs) lack sufficient security and IT staff and are particularly vulnerable to these threats.
Yes, fileless malware attacks are increasing, but they can also be stopped. This article gives you the details of what is in store.
According to research by the Ponemon Institute, fileless malware attacks accounted for 35 percent of all cyber-attacks across the world in 2018. This is almost 10 times more than what file-based attacks could achieve.
Although fileless malware does not have the reputation of ransomware and other attack methods, fileless attacks can pose a major threat, and they are evolving, as reported by Malwarebytes.
But the future is not so dismal: as with any threat, the security threats of fileless malware can be reduced through understanding and with the right counter-attack plan.
Understanding Fileless Malware Attacks
Unlike other types of malware that require the installation of software on the victim’s computer, fileless malware infects the computer’s memory. Fileless malware attacks can also abuse Windows, dramatically changing how the operating system behaves for its own users, by leveraging common tools such as PowerShell (which is built into Windows 8) for malicious activity.
It all starts with a phishing email that, as always, lands the victim on a malicious website, or with an infected USB flash memory stick. The malware scans the computer for vulnerabilities, such as an unpatched Flash or Java plug-in, or almost any process that affects PowerShell. The payload then performs its attack using the user’s dynamic memory, e.g. by improving the browser process.
How the threat goes undetected
Fileless malware does not write to your disk. Instead, the malware lurks in memory, using as hiding places tools such as PowerShell (widely used by system administrators to automate tasks), Visual Basic (VB) scripts, and Windows Management Instrumentation (WMI). Fileless malware attacks bypass contemporary anti-malware programs, which typically scan for malicious files and flag them for removal, because there is no file on the system. The lack of breadcrumbs also makes it tough for security teams to analyze the malware’s behavior later.
In addition, bad actors are equipping fileless malware with new abilities. These not only enable such attacks to evade detection, but their payloads can also deliver advanced infections. One concern for enterprises is that fileless attacks are “borrowing the propagation and anti-forensic techniques seen in the complex nation-state attacks.”
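Because a file scanner has nothing to flag in the attacks described above, defenders look at process behaviour instead. The following is an added example, not part of the original article: it scores process-creation events for the script hosts the article names (PowerShell, VB scripts, WMI). The event field names, the list of risky parents and the sample events are constructed assumptions.

```python
import re

# Script hosts the article names as hiding places: PowerShell, VB scripts, WMI.
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "wmic.exe"}
# Assumed list of parents with no routine reason to launch a script host
# (mail client, office documents, browser: the entry points the article lists).
RISKY_PARENTS = {"outlook.exe", "winword.exe", "excel.exe", "chrome.exe"}
# Command-line traits of code that runs from memory rather than from a file.
CMD_RULES = [
    ("encoded-command", re.compile(r"\s-(e|ec|enc\w*)\s", re.I)),
    ("hidden-window", re.compile(r"\s-w(indowstyle)?\s+hidden", re.I)),
    ("remote-code-in-memory", re.compile(r"downloadstring|invoke-expression|\biex\b", re.I)),
    ("wmi-process-create", re.compile(r"process\s+call\s+create", re.I)),
]

def basename(path):
    """Lower-cased executable name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def score_event(event):
    """Return the reasons a process-creation event looks like fileless activity."""
    image, parent = basename(event["image"]), basename(event["parent"])
    if image not in SCRIPT_HOSTS:
        return []
    reasons = [name for name, rx in CMD_RULES if rx.search(event["cmdline"] + " ")]
    if parent in RISKY_PARENTS:
        reasons.append("spawned-by-" + parent)
    return reasons

def triage(events):
    """Keep only events with at least one reason, most reasons first."""
    hits = [(e, score_event(e)) for e in events]
    return sorted([h for h in hits if h[1]], key=lambda h: -len(h[1]))

# Constructed sample events; field names and values are illustrative only.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <BASE64-PLACEHOLDER>"},
    {"parent": r"C:\Program Files\Microsoft Office\EXCEL.EXE", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": 'wmic.exe process call create "<COMMAND-PLACEHOLDER>"'},
    {"parent": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},
]

if __name__ == "__main__":
    for event, reasons in triage(SAMPLE_EVENTS):
        print(", ".join(reasons), "<-", event["cmdline"])
```

The administrator's scheduled script in the first sample event produces no reasons, which is the distinction a behaviour rule has to make when the same tool serves both legitimate and malicious use.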
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.