Clark Computer Services

FILELESS MALWARE: AN EVOLVING CYBERTHREAT

Chuck's Cyber Wall

Cybersecurity professionals have seen a recent uptick in Fileless Malware. This malicious activity uses administrative tools built into the operating system to execute a cyber attack. Unlike common malware, this attack does not require any code to be inserted or installed onto a device, making it significantly more difficult to detect.

Because nothing gets installed on the computer, this type of malware evades most antivirus and security programs. Even worse, because these attacks are primarily carried out through phishing, cybercriminals do not need to target specific organizations or individuals. Truly opportunistic, they send out mass emails to lists purchased off the dark web and wait to see who falls for the bait.

But that’s not all.

When they do target victims with spear-phishing campaigns, using personal information about individuals or organizations, these attacks have a nearly 70% open rate.


HOW FILELESS MALWARE WORKS

Fileless Malware itself has been around for several years. CISA has issued multiple warnings, and we’ve seen scripting attacks on registry files. These phishing campaigns use embedded links to send users to a website that triggers the exploit, launching code that runs only in RAM.


The scripts initiate specific processes that run a sophisticated registry manipulation, using threads with persistent effects and temporary storage to bypass security. All of that means that they make changes to system files to gain control over the device without installing any software. In addition, the executable script is encoded to execute before runtime, meaning that it returns after a reboot without ever being permanently written to a disk.
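As an added example (not code from this post), here is one way a defender could triage autorun registry values for the pattern described above: an entry that launches a built-in script interpreter with the script carried inline instead of naming a file on disk. The registry entries, the interpreter list and the marker patterns are constructed assumptions for illustration.

```python
import re

# Built-in Windows tools that can run a script handed to them on the command line.
INTERPRETERS = re.compile(
    r"\b(powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32|cmd)(\.exe)?\b", re.I)

# Signs that the value carries the script itself rather than pointing at a file.
INLINE_MARKERS = [
    ("encoded command", re.compile(r"\s-e(c|nc[a-z]*)?\s+\S+", re.I)),
    ("inline script URL", re.compile(r"\b(javascript|vbscript):", re.I)),
    ("hidden window", re.compile(r"-w(indowstyle)?\s+hidden", re.I)),
    ("reads script from registry",
     re.compile(r"(get-itemproperty|gp)\b.*\bhk(lm|cu):", re.I)),
    ("long base64-like blob", re.compile(r"[A-Za-z0-9+/=]{120,}")),
]

def score_autorun(command):
    """Return the reasons an autorun command line looks script-resident."""
    if not INTERPRETERS.search(command):
        return []
    return [name for name, rx in INLINE_MARKERS if rx.search(command)]

def triage(entries):
    """entries: iterable of (key_path, value_name, command). Returns flagged rows."""
    flagged = []
    for key, name, command in entries:
        reasons = score_autorun(command)
        if reasons:
            flagged.append((key, name, reasons))
    return flagged

# Constructed sample of Run-key values (placeholders stand in for real payloads).
RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE = [
    (RUN, "OneDrive", r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    (RUN, "Updater",
     r"powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand PLACEHOLDER_BASE64"),
    (RUN, "Helper", r'mshta.exe "javascript:PLACEHOLDER_SCRIPT"'),
    (RUN, "Backup", r"powershell.exe -File C:\Scripts\backup.ps1"),
]

if __name__ == "__main__":
    for key, name, reasons in triage(SAMPLE):
        print(f"{key}\\{name}: {', '.join(reasons)}")
```

The "Backup" entry is not flagged because it names a script file on disk, which ordinary file scanning can inspect; the two flagged entries keep their logic in the registry value itself.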

A SOPHISTICATED ATTACK


The creators of this registry attack know their way around system files, taking advantage of the complexity of the operating system to work underneath or around security tools. Of the numerous ways these attacks can be used, one of the more dangerous is as the first stage of a ransomware attack.

The mass exposure nature of the attack allows advanced cybercriminals to distribute the Fileless Malware to less capable colleagues to gain a foothold in vulnerable systems. Once access is gained, the code automatically communicates back to the domain operator controls set by the creator. In this way, the workload of infecting systems and operating the ransomware is shared, allowing for more effective and numerous attacks.

It is a significant evolution in cyberattacks.

DEFENDING AGAINST FILELESS MALWARE ATTACKS

Just as cybercriminals evolve their attacks, the cybersecurity industry learns how to defend against them. One of the most important ways to stop Fileless Attacks is to run software updates and perform regular maintenance. The systems breached most often are those that run older software or are missing security updates.

Another key to stopping these attacks is managing user rights – no one should ever use an admin account to do business or surf the net. A mindset of ownership often tempts users to elevate themselves to admins on personal devices, as does a lack of structure and security awareness in small businesses. Using an admin account leaves no room for error – one wrong click can destroy an entire network.

Finally, we have security awareness training. Security is only as good as the most unaware user. Because these attacks rely on phishing and spear-phishing to gain access to the network, educating users on how to spot these attacks is imperative to stop them.

Each phase of these campaigns requires a vulnerability to be exploited. By closing off these vulnerabilities, we protect the systems from attack.
