Fileless Malware: A New Trend?

by Adam
August 18, 2022

Fileless malware is a significant threat that is difficult to detect. A secondary concern is that it can often bypass current security controls and penetrate the system through the attack surface of legitimate programs. Fileless malware is not always easy to understand. Here we take a closer look at fileless malware and the different ways it compromises users at the micro level.

What is Fileless Malware?

Fileless malware is a type of malicious software that does not require installation on the computer. Such malware hides in the computer system and piggybacks on legitimate programs to perform malicious activity. Fileless malware is not file-based but memory-based. In other words, it leaves no footprint to be detected.

Fileless malware is malicious code that is injected into a running process and executed only in RAM. It exploits a system vulnerability and writes itself directly into memory. Fileless malware attacks can be hidden within documents.

What does Fileless Malware do?

Fileless malware, like regular malware, uses a computer’s system software, applications, and protocols to carry out malicious activity. Fileless malware activity ends when the system reboots.

Examples of such activities can be the following: 

  • Phishing emails
  • Malicious downloads
  • Malicious code injection in the already installed applications
  • Legitimate-looking malicious websites (which allow the code to run in the browser's memory)
  • Exploiting system vulnerability
  • Initial access for stealing credentials or information

What are the types of Fileless Malware attacks?

Script-based attack

It is not completely fileless but is still difficult to spot. The script-based attack known as SamSam ransomware is a semi-fileless attack whose payload cannot be analysed without the initial script. The only way to capture the attack is to spot it while it happens.

Windows registry manipulation

It involves a malicious file that uses a normal Windows process to write fileless code into the registry.
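
Code stored in the registry tends to look different from ordinary settings, which gives defenders something to check. The Python below is an added example, not code from the original article: it triages exported registry values, and its heuristics, thresholds, key paths and sample values are constructed assumptions.

```python
import re

# Heuristics are assumptions chosen for illustration; tune them per environment.
SCRIPT_HOSTS = ("powershell", "mshta", "wscript", "cscript", "rundll32", "regsvr32")
ENCODED_RUN = re.compile(r"[A-Za-z0-9+/=]{200,}")  # long base64-like run
MAX_PLAIN_LEN = 1024  # ordinary settings and paths are far shorter


def reasons(data):
    """Return the heuristics that a registry value's data trips."""
    hits = []
    lowered = data.lower()
    if any(host in lowered for host in SCRIPT_HOSTS):
        hits.append("script-host")    # value launches a script interpreter
    if ENCODED_RUN.search(data):
        hits.append("encoded-blob")   # value carries an encoded payload
    if len(data) > MAX_PLAIN_LEN:
        hits.append("oversized")      # value is large enough to hold code
    return hits


def triage(values):
    """values: iterable of (key_path, value_name, data); most suspicious first."""
    flagged = [(key, name, reasons(data)) for key, name, data in values]
    flagged = [entry for entry in flagged if entry[2]]
    return sorted(flagged, key=lambda entry: len(entry[2]), reverse=True)


# Constructed sample export. FILLER is meaningless padding, not real code,
# and the "Updater" command line is a placeholder rather than a real command.
FILLER = "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo" * 40
SAMPLE = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"powershell.exe <constructed: reads HKCU\Software\Example\Data>"),
    (r"HKCU\Software\Example", "Data", FILLER),
]

if __name__ == "__main__":
    for key, name, why in triage(SAMPLE):
        print(f"{key}\\{name}: {', '.join(why)}")
```

A flagged value is a lead for an analyst, not a verdict: legitimate software also stores long or encoded data in the registry.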

Memory code injection

It hides malicious code in the memory of legitimate applications. While Windows is running, such malware reinjects itself into the running processes.

How to stay protected from Fileless Malware?

We suggest:

  • Continuous monitoring of phishing emails. Be aware of phishing email signs 
  • Continuous monitoring of incoming and outgoing network traffic
  • Constant memory analysis
  • Being careful when downloading and installing new applications
  • Having up-to-date software applications
  • Having an up-to-date browser

Fileless malware can be spotted. Doing so requires a complex approach to the problem. Fileless malware attacks rely only on human vulnerability, which means that user behaviour is the central focus of cyber security.

With fileless malware, attackers have found a way to infect your computer without using files.