What Is a Fileless Malware Attack?
A fileless malware attack is a type of cyberattack that turns the host's own legitimate tools and processes against it, rather than writing a malicious executable to disk.
Traditional malware attacks require attackers to install malicious code on the target's system. Fileless malware does not rely on new code. Instead, it repurposes code that is already present on the system, such as built-in scripting engines and administrative utilities, to achieve the attacker's goal.
Fileless malware is particularly threatening due to its ability to avoid traditional file-based detection. The number of fileless malware attacks doubled in 2018 and has been steadily rising ever since.
How Fileless Malware Works
- The attacker gains remote access to the target's system by exploiting a web scripting vulnerability.
- The attacker obtains credentials for the environment so that they can move quickly across the system.
- The attacker then modifies the registry to create a backdoor, so that they can keep returning to the environment undetected.
- The attacker collects data and compresses it using built-in system utilities.
- The attacker exfiltrates the data from the environment by uploading it over FTP.
Windows Registry Manipulation
Memory Code Injection
Script-Based Techniques
How to Detect Fileless Malware
1. Look for Indicators of Attack
Indicators of Attack (IOAs) and Indicators of Compromise (IOCs) are both useful cybersecurity signals, but IOAs are more effective at detecting fileless malware attacks. IOCs focus on the steps by which an attack could potentially execute, while IOAs look for signs that an attack is currently in progress.
These signs include code execution, lateral movement, and other actions that attempt to conceal their intent. Solutions that identify IOAs look for the events every type of malware must perform in order to steal data, not just for changes to code.
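To make the IOA approach concrete, here is an added example (not code from the original article) of a small Python detector that runs over constructed telemetry and flags the behaviours from the attack chain above rather than looking for a malicious file on disk: a web server process spawning a script host, a Run-key backdoor whose value invokes a script interpreter, and a built-in archiver followed by the built-in FTP client on the same host. The process names, rule names and sample events are assumptions constructed for this example.

```python
"""Toy IOA detector over constructed process/registry telemetry (added example,
not the article's code): flags the behaviours the article describes instead of
scanning the disk for a dropped malicious file."""
import re
from collections import defaultdict

SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
WEB_SERVERS = {"w3wp.exe", "httpd.exe", "nginx.exe", "tomcat.exe"}
ARCHIVERS = {"makecab.exe", "compact.exe", "tar.exe"}  # built-in utilities
RUN_KEY = re.compile(r"\\CurrentVersion\\Run", re.IGNORECASE)

def detect(events):
    """Return (host, rule, detail) findings. Each event is a dict with keys
    host, type ('process' or 'registry') and image/parent/cmdline or key/data;
    events must be supplied in time order."""
    findings = []
    recently_archived = defaultdict(bool)  # host -> a built-in archiver just ran
    for ev in events:
        host = ev["host"]
        if ev["type"] == "process":
            image = ev["image"].lower()
            parent = ev.get("parent", "").lower()
            # Rule 1: a web server launching a script host is how remote code
            # execution through a web scripting flaw shows up in telemetry.
            if parent in WEB_SERVERS and image in SCRIPT_HOSTS:
                findings.append((host, "webserver_spawns_script_host", ev["cmdline"]))
            # Rule 3: data staged with a built-in archiver, then shipped out
            # with the built-in FTP client on the same host.
            if image in ARCHIVERS:
                recently_archived[host] = True
            elif image == "ftp.exe" and recently_archived[host]:
                findings.append((host, "archive_then_ftp_exfil", ev["cmdline"]))
                recently_archived[host] = False
        elif ev["type"] == "registry":
            # Rule 2: an autorun value whose data invokes a script host is a
            # registry backdoor that leaves no new binary on disk.
            data = ev.get("data", "").lower()
            if RUN_KEY.search(ev["key"]) and any(h in data for h in SCRIPT_HOSTS):
                findings.append((host, "run_key_script_backdoor", ev["key"]))
    return findings

# Constructed sample telemetry (not real logs) following the article's attack chain.
SAMPLE_EVENTS = [
    {"host": "web01", "type": "process", "image": "powershell.exe", "parent": "w3wp.exe", "cmdline": "powershell.exe -nop -w hidden"},
    {"host": "web01", "type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater", "data": r"wscript.exe //B C:\ProgramData\updater.vbs"},
    {"host": "web01", "type": "process", "image": "makecab.exe", "parent": "powershell.exe", "cmdline": "makecab.exe docs.txt stage.cab"},
    {"host": "web01", "type": "process", "image": "ftp.exe", "parent": "powershell.exe", "cmdline": "ftp.exe -s:cmds.txt"},
    {"host": "db02", "type": "process", "image": "ftp.exe", "parent": "cmd.exe", "cmdline": "ftp.exe"},  # benign: nothing staged first
]
```

Running `detect(SAMPLE_EVENTS)` yields one finding per rule for `web01` and nothing for `db02`, whose lone FTP run has no preceding archiver and so is not correlated.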
2. Employ Managed Threat Hunting
Threat hunting is time-consuming and labor-intensive, but it is crucial for discovering fileless malware attacks. This is especially true in an age where malware and other cyber threats have risen since the pandemic. Threat hunting requires the aggregation and normalization of extensive data, which is why many organizations choose a provider that offers managed threat hunting services.
Well-managed threat hunting services help organizations prepare for an attack by equipping security teams with effective threat hunting tools and support that reduce the impact of an attack. Managed threat hunting tools enable deep insights and forensics within weeks of implementation.