Cyber criminals are much like cockroaches: they are continuously adapting. When new security measures are developed and rolled out, they get to work finding a loophole they can exploit. Simply put, they adapt to keep pace in much the same way organizations do. No matter how well an organization advances its methods of conducting business, cyber criminals advance their methods of attack right alongside it. A recent development in cyber crime tradecraft is fileless malware. While these attacks emerged a few years ago, they gained significant prominence in late 2016 and throughout 2017.
What is Fileless Malware?
Also known as non-malware, fileless malware leverages Windows Management Instrumentation, macros, PowerShell, and other on-system tools or scripting functionality to execute and propagate whatever tasks the malware was developed to do. Because these tools are so flexible and capable, this malware can use them to do everything traditional malware does, including cryptocurrency mining, data collection and exfiltration, snooping on user behavior, and more. It is often used as a stepping stone for cyber criminals to advance an infiltration campaign.
Why is fileless malware so hard to detect? Because it avoids writing anything to the filesystem. Most anti-virus programs detect malicious code by scanning files: as they walk the files on a host, they compare each one against a list of known malware signatures. Since fileless malware leaves no file to scan, an attacker enjoys a longer dwell time in your system before being detected.
It’s Not A New Threat!
You should keep in mind that fileless malware is not entirely new. Remember 1999’s Melissa virus, the one that caused so many disruptions on affected systems? What is different now is that cyber criminals deliberately and specifically employ these techniques to evade detection.
Should You be Worried?
Fileless attacks are 10X more likely to be successful than file-based attacks. That’s why technologists need to be alert to the rise of this malware. So, how does it affect those conducting business? First, it changes how you plan and execute your response to malware attacks: as mentioned, fileless malware circumvents the conventional techniques used to mitigate attacks. Second, it alters what you look for. File-centric indicators distract you from real attacker activity, so you need to start looking at other indicators. Read on to find out how you can protect your organization:
How to Prevent Fileless Malware
Protection against cyber threats is more important than ever. Here is how you can combat fileless malware.
- Try script block logging: This keeps a record of whatever code has been executed. It supports detection, and the records can be used in subsequent investigations.
- Change your strategy: Consider taking a systematic approach to locking down the mechanisms the malware may target. PowerShell 5 expands logging capabilities, giving security teams greater visibility into how those mechanisms are being used. Engaging a managed security provider is a useful starting point.
- Maximize existing malware prevention and detection software: Enable behavior-based detection in the endpoint protection products you already use.
- Maintain and patch a hardened endpoint: This defends not only against fileless malware attacks but also against a wide range of other threats.
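As a worked illustration of the first recommendation, the following PowerShell snippet is an added example and not part of the original article. It turns on script block logging through the policy registry key that the "Turn on PowerShell Script Block Logging" Group Policy setting writes, then pulls the resulting event 4104 records from the PowerShell Operational log and flags blocks containing tokens that warrant a second look. It assumes an elevated session on Windows with PowerShell 5 or later; the review terms are constructed for this example and are leads for investigation, not verdicts.

```powershell
# Added example (not from the original article): enable PowerShell script block
# logging and review what it captures. Assumes an elevated session on Windows
# with PowerShell 5+. The registry path and event ID 4104 are the documented
# locations for this feature.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $policyKey)) {
    New-Item -Path $policyKey -Force | Out-Null
}
# 1 = enabled; same effect as the "Turn on PowerShell Script Block Logging" policy
Set-ItemProperty -Path $policyKey -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# Executed script blocks are recorded as event 4104 in the Operational log.
# Long scripts are split across several 4104 events that share one ScriptBlockId.
$filter = @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = (Get-Date).AddHours(-24)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# Review heuristics (constructed for this example): tokens that often appear in
# encoded or download-and-execute script blocks. A hit means "look closer".
$reviewTerms = 'FromBase64String', 'Invoke-Expression', 'IEX ',
               'DownloadString', '-EncodedCommand', 'Reflection.Assembly'

$events | ForEach-Object {
    # Pull the named EventData fields out of the event XML
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $text = ($data['ScriptBlockText'] -replace '\s+', ' ')
    $hits = $reviewTerms | Where-Object { $text -match [regex]::Escape($_) }

    [pscustomobject]@{
        Time          = $_.TimeCreated
        ScriptBlockId = $data['ScriptBlockId']
        Path          = $data['Path']          # empty for interactive / in-memory blocks
        Hits          = ($hits -join ',')
        Snippet       = $text.Substring(0, [Math]::Min(120, $text.Length))
    }
} | Where-Object { $_.Hits } |
    Sort-Object Time -Descending |
    Format-Table -AutoSize
```

An empty Path column is itself worth noting: it means the block was not loaded from a script file on disk, which is exactly the case file-scanning anti-virus never sees. In production, forward these events to a central log collector rather than reviewing them on the endpoint, since an attacker with local access can clear the Operational log.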