Fileless malware: Are you at risk?

Over the past few years, the security industry has been witnessing a rapid evolution in attack techniques, including fileless malware, which uses legitimate tools and services such as existing software, applications, and authorized protocols to carry out malicious activities such as unauthorized data retrieval or data damage. It therefore pays to stay abreast of such threats.

What is fileless malware?

Fileless malware is stored in random access memory (RAM) instead of on the hard drive. In a typical fileless infection, payloads are injected into the memory of existing software or applications by running scripts within whitelisted or authenticated applications such as PowerShell, which is designed to automate system administration tasks such as viewing all USB devices, drives, and services installed in the system, scheduling a series of commands, or terminating processes (much as Task Manager does).

Because there are no files to trace, fileless malware escapes detection by most antimalware programs, especially those that rely on databases of previously identified threats. Furthermore, most automated sensors cannot recognize illicit scripts, and cybersecurity analysts who are trained to identify them usually have a difficult time establishing where to start looking. Fileless malware isn't as visible as traditional malware. It employs a variety of techniques to stay persistent, and it can adversely affect the integrity of a business's processes and the infrastructure that runs them.

Fileless malware by the numbers

Cybersecurity firm Kaspersky Lab first discovered a type of fileless malware on its very own network a couple of years ago. The final verdict was that it originated from the Stuxnet strain of state-sponsored cyber warfare. The high level of sophistication and government funding meant fileless malware was virtually nonexistent until the beginning of 2017.

In November 2016, attacks using fileless malware saw an uptick of 13% according to a report. In the same quarter, attacks surged 33% compared to the first quarter. During the first quarter of 2017, more PowerShell-related attacks were reported on more than 12,000 unique machines.

Kaspersky Lab uncovered over 140 infections across 40 different countries. Almost every instance of the fileless malware was found in financial institutions and worked towards obtaining login credentials. In the worst cases, infections had already gleaned enough information to allow cyberattackers to withdraw undisclosed sums of cash from ATMs.

In 2018, cybersecurity firm Trend Micro detected a rising trend of fileless threats throughout the first half of the year.

Is your business at risk?

It is unlikely your business would have been targeted in the earliest stages of this particular strain of malware, but it's better to be safe than sorry. Businesses should practice defense in depth, where multilayered safeguards are implemented to reduce exposure and mitigate damage. But apart from cultivating a security-aware workforce, what actionable countermeasures can organizations take?

While your business might not be in immediate danger, you should employ solutions that analyze trends in behavior. It is also wise to invest in a managed service provider that offers 24/7 network monitoring, proper patches, and software updates.
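As an illustration of behavior-based analysis (an added example, not code from this article or from any product), the sketch below scores PowerShell launches in process-creation records by how they were started instead of by file signature, including decoding an `-EncodedCommand` argument to inspect the script behind it. The trait names, the threshold and the sample records are assumptions constructed for the example.

```python
import base64
import re

# Constructed example: trait names, threshold and sample events are assumptions.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

def decode_encoded_command(cmdline):
    """Return the script behind -EncodedCommand (Base64 of UTF-16LE), else None."""
    # PowerShell accepts unambiguous prefixes of the flag (-e, -enc, ...) and -ec.
    for name, value in re.findall(r"\s-(\w+)\s+([^-\s]\S*)", cmdline):
        name = name.lower()
        if name == "ec" or "encodedcommand".startswith(name):
            try:
                return base64.b64decode(value, validate=True).decode("utf-16-le")
            except ValueError:  # unreadable blob: the flag alone is still a trait
                return ""
    return None

def score_event(event):
    """List the behaviour traits present in one process-creation record."""
    basename = lambda path: path.lower().rsplit("\\", 1)[-1]
    if basename(event["image"]) not in ("powershell.exe", "pwsh.exe"):
        return []
    cmd, traits = event["command_line"], []
    script = decode_encoded_command(cmd)
    if script is not None:
        traits.append("encoded-command")
    if re.search(r"\s-(?:w|windowstyle)\s+hidden\b", cmd, re.I):
        traits.append("hidden-window")
    if basename(event["parent_image"]) in OFFICE_PARENTS:
        traits.append("office-parent")
    # Look inside the decoded script too, not only at the visible command line.
    if re.search(r"\b(?:iex|invoke-expression)\b", f"{cmd} {script or ''}", re.I):
        traits.append("in-memory-eval")
    return traits

def triage(events, threshold=2):
    """Return (command_line, traits) for events showing several traits at once."""
    scored = [(e["command_line"], score_event(e)) for e in events]
    return [(cmd, traits) for cmd, traits in scored if len(traits) >= threshold]

def make_blob(script):  # helper that builds a constructed -EncodedCommand blob
    return base64.b64encode(script.encode("utf-16-le")).decode()

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed records, not taken from any real incident
    {"parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE", "image": PS,
     "command_line": "powershell.exe -NoProfile -w hidden -enc " + make_blob("Invoke-Expression $data")},
    {"parent_image": r"C:\Windows\explorer.exe", "image": PS,
     "command_line": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\inventory.ps1"},
]
```

Calling `triage(SAMPLE_EVENTS)` flags only the first record; the routine script launch from Explorer scores no traits, which is why several traits are required before an alert is raised.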

If you would like to discuss this more or have us perform a Security Audit, call us at 336-776-0060 to schedule an appointment.

Ron Pierce
