Fileless Malware attacks
Fileless Malware attacks also known as Non-Malware attacks. They use a typical set of techniques to get into your systems without using any detectable malware file. In the past few years, the attackers have become smarter and have developed many different ways to launch the attack. Fileless malware infects the computers leaving behind no file on the local hard drive, sidestepping the traditional security and forensics tools. The fileless malware resides in the Random Access Memory of your computer system, and no antivirus program inspects the memory directly – so it is the safest mode for the attackers to intrude in your PC and steal all your data. Even the best antivirus programs sometimes miss the malware running in the memory. Some of the recent Fileless Malware infections that have infected computer systems worldwide are – Kovter, USB Thief, PowerSniff, Poweliks, PhaseBot, Duqu2, etc.
How does Fileless Malware work
The fileless malware when it lands into the Memory can deploy your native and system administrative Windows built-in tools like PowerShell, SC.exe, and netsh.exe to run the malicious code and get the admin access to your system, so as to carry out the commands and steal your data. Fileless Malware sometime may also hide in Rootkits or the Registry of the Windows operating system. Once in, the attackers use the Windows Thumbnail cache to hide the malware mechanism. However, the malware still needs a static binary to enter the host PC, and email is the most common medium used for the same. When the user clicks on the malicious attachment, it writes an encrypted payload file in the Windows Registry. Fileless Malware is also known to use tools like Mimikatz and Metaspoilt to inject the code into your PC’s memory and read the data stored there. These tools help the attackers to intrude deeper into your PC and steal all your data.
Behavioral analytics and Fileless malware
Since most of the regular antivirus programs use signatures to identify a malware file, the fileless malware is hard to detect. Thus, security firms use behavioral analytics to detect malware. This new security solution is designed to tackle the previous attacks and behavior of the users and computers. Any abnormal behavior which points to malicious content is then notified with alerts. When no endpoint solution can detect the fileless malware, behavioral analytics detects any anomalous behavior such as suspicious login activity, unusual working hours or use of any atypical resource. This security solution captures the event data during the sessions where users use any application, browse a website, play games, interacts on social media, etc.
How to protect against & detect Fileless Malware
Follow the basic precautions to secure your Windows computer:
Apply all the latest Windows Updates – especially the security updates to your operating system.Make sure that all your installed software is patched and updated to their latest versionsUse a good security product that can efficiently scan your computer’s memory and also block malicious web pages that may be hosting Exploits. It should offer Behavior monitoring, Memory scanning, and Boot Sector protection.Be careful before downloading any email attachments. This is to avoid downloading the payload.Use a strong Firewall that lets you effectively control Network traffic.
Read next: What are Living Off The Land attacks?