Malware spotlight: Fileless malware


Fileless malware is a malicious technique that uses existing software, legitimate applications, operating system files and the authorized protocols of the victim's machine to achieve its goals. Fileless malware leaves no footprint on disk because it is not a file-based attack that requires downloading executable files onto the infected system. Rather, this attack is memory-based, which is why detecting it is a daunting task.

According to Symantec’s 2019 Internet Security Threat Report, fileless malware is growing rapidly. It is now one of the most substantial digital infiltration threats to organizations.

In this article, we will go through what fileless malware is, its common types and how it works, as well as prevention techniques used to get rid of it.

What are the common types of fileless malware attacks?

Fileless malware attacks are divided into three primary categories:

  1. Script-based techniques: These may not be completely fileless, but they are still difficult to detect. Examples of these attacks include Operation Cobalt Kitty and SamSam ransomware.
  2. Memory code injection: This technique hides malicious code in the memory of legitimate software programs. Some processes are critical for proper Windows functionality, and fileless malware disseminates and re-injects itself into these processes to help attackers accomplish their malicious goals.
  3. Windows registry manipulation: Using this technique, attackers rely on a link or malicious file which, when clicked, uses Windows processes to write fileless malware code into the Windows registry and execute it from there. Poweliks and Kovter are examples of this type of attack.
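The three categories above are easiest to reason about from the detection side. As an added example that is not part of the original article, the following Python script applies simple heuristics to Windows autorun (`Run` key) values, the persistence location abused by the registry-manipulation category, and flags entries that launch a script host with encoded, hidden or registry-resident commands (the kind of launcher the script-based category relies on). The registry values, key path, value names and heuristic weights are constructed for this example; the patterns are generic and are not signatures for Poweliks or Kovter.

```python
"""Heuristic triage of Windows autorun registry values for fileless-style persistence.

Added example, not code from the article. Input is a list of (key, value name, data)
tuples such as one would collect from HKCU/HKLM ...\\CurrentVersion\\Run with `reg query`.
"""
import base64
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Script hosts and signed binaries commonly used to launch fileless payloads from a Run key.
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "rundll32.exe", "regsvr32.exe", "cmd.exe")

# PowerShell's -EncodedCommand takes base64 of a UTF-16LE string; the blob is captured in group 1.
ENCODED_RX = re.compile(r"(?i)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")

# (label, weight, regex). Weights are this example's own assumption, not a published standard.
HEURISTICS = [
    ("script_host", 2, re.compile(r"(?i)\b(?:" + "|".join(re.escape(h) for h in SCRIPT_HOSTS) + r")\b")),
    ("encoded_command", 3, ENCODED_RX),
    ("hidden_window", 2, re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")),
    ("policy_bypass", 2, re.compile(r"(?i)-ex(?:ecutionpolicy)?\s+bypass")),
    ("download_cradle", 3, re.compile(r"(?i)downloadstring|invoke-webrequest|\biwr\b|net\.webclient|invoke-expression|\biex\b")),
    ("inline_script_uri", 3, re.compile(r"(?i)\b(?:javascript|vbscript):")),
    ("registry_readback", 3, re.compile(r"(?i)\bRegRead\b|Get-ItemProperty")),
    ("long_blob", 2, re.compile(r"[A-Za-z0-9+/=]{200,}")),
]


@dataclass
class Finding:
    key: str
    name: str
    score: int
    hits: List[str] = field(default_factory=list)
    decoded: Optional[str] = None  # plaintext of an -EncodedCommand blob, if one decoded cleanly


def decode_encoded_command(blob: str) -> Optional[str]:
    """Decode a PowerShell -EncodedCommand blob; return None if it is not valid base64/UTF-16LE."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage_autorun(key: str, name: str, data: str, threshold: int = 4) -> Optional[Finding]:
    """Score one autorun value; return a Finding when the score reaches the threshold."""
    decoded = None
    m = ENCODED_RX.search(data)
    if m:
        decoded = decode_encoded_command(m.group(1))
    # Scan the decoded payload too, so a download cradle hidden behind -enc still registers.
    haystack = data if decoded is None else data + "\n" + decoded
    hits, score = [], 0
    for label, weight, rx in HEURISTICS:
        if rx.search(haystack):
            hits.append(label)
            score += weight
    if score < threshold:
        return None
    return Finding(key, name, score, hits, decoded)


def scan_autoruns(values: List[Tuple[str, str, str]]) -> List[Finding]:
    """Triage every (key, name, data) tuple and keep only the entries that scored."""
    return [f for f in (triage_autorun(*v) for v in values) if f is not None]


# --- constructed sample data (not from any real host) ---
SAMPLE_RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
BENIGN_SCRIPT = "Write-Host hello"  # harmless stand-in for an encoded payload
ENCODED = base64.b64encode(BENIGN_SCRIPT.encode("utf-16le")).decode("ascii")

SAMPLE_VALUES = [
    (SAMPLE_RUN_KEY, "VendorUpdater", r'"C:\Program Files\ExampleCo\Updater.exe" /silent'),
    (SAMPLE_RUN_KEY, "CloudSync", r'"C:\Users\alice\AppData\Local\ExampleCo\Sync.exe" /background'),
    (SAMPLE_RUN_KEY, "WinCfg", f"powershell.exe -nop -w hidden -enc {ENCODED}"),
    (SAMPLE_RUN_KEY, "Cfg", r'mshta.exe vbscript:Execute("CreateObject(""WScript.Shell"").RegRead(""HKCU\Software\ExampleCo\Cfg"")")'),
]

if __name__ == "__main__":
    for f in scan_autoruns(SAMPLE_VALUES):
        print(f"[score {f.score}] {f.key}\\{f.name}: {', '.join(f.hits)}")
        if f.decoded:
            print(f"    decoded -EncodedCommand: {f.decoded!r}")
```

Both flagged entries are launched by a signed Windows script host rather than a dropped binary, which is exactly why a file-hash or on-disk scan would miss them; the value data itself (or the registry key it reads back) is the artefact to collect and review. On a live host the same function can be fed from `reg query` output or the `Get-ItemProperty` cmdlet.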

What is the difference between fileless malware and traditional malware?

In the past, malware was simply an executable file written to perform malicious acts on a victim's computer. There was an easy solution: antivirus vendors would create signatures for these files in order to detect static pieces of (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Fakhar Imam. Read the original post at: