It is a trend that is not going away – cybercriminals will always be attempting to circumvent security defenses with the assistance of increasingly sophisticated techniques. This leads us to the so-called fileless malware where the effectiveness of an attack goes beyond expectations. A perfect illustration here is the scale of two infamous ransomware outbreaks that happened last year – Petya and WannaCry both of which deployed fileless techniques as part of their kill chains.
As explained by Microsoft in an overview on fileless malware, the idea behind fileless malware is simple: if tools already exist on a device, such as PowerShell.exe, to fulfill an attacker’s objectives, then why drop custom tools that could be flagged as malware? If a cybercriminal can take over a process, run code in its memory space, and then use that code to call tools that are already on a device, the attack becomes stealthy and nearly impossible to detect.
The Increasing Use of PowerShell in Fileless Malware Distribution
Malicious PowerShell attacks, in particular, increased by 661 percent from the last half of 2017 to the first half of 2018, and doubled from the first quarter to the second of 2018, as evident by a detailed Symantec report.
The preinstalled and versatile Windows PowerShell has become one of the most popular choices in cybercriminals’ attack arsenals, the researchers said. There has been an increase of 661 percent in computers where malicious PowerShell activity was blocked from the second half of 2017 to the first half of 2018 — a clear indication that malware operators are still largely relying on the deployment of PowerShell in their attacks.
PowerShell-based techniques are especially valid for fileless malware campaigns where no file is written to disk, like (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/powershell-malware-attacks-2018/