Clark Computer Services


Chuck's Cyber Wall

As we start 2022, cybersecurity professionals are tracking an evolving cyber threat known as Fileless Malware. This malicious activity uses administrative tools built into the operating system to execute a cyber attack. Unlike common malware, this attack does not require any code to be inserted or installed onto a device, making it significantly more difficult to detect.

Because nothing gets installed on the computer, this type of malware evades most antivirus and security programs. Even worse, primarily carried out by phishing attacks, cybercriminals do not need to target organizations or individuals. Truly opportunistic, they send out mass emails to lists purchased off the dark web and wait to see who falls for the bait.

But that’s not all.

When they target with spear-phishing campaigns, using personal information from victims or organizations, these attacks have a nearly 70% open rate.

Fileless Malware - Evolving Cyberthreat | Chuck's Cyber Wall | Chuck’s Cyber Wall – Fileless Malware: An Evolving Threat malware folder icon


While Fileless Malware itself has been around since 2017. CISA issued a warning in September of 2020, and in November of 2021, we began to see scripting attacks on registry files. These phishing campaigns use embedded links to send users to a website that uses Flash to trigger the exploit, launching code that runs the exploit only in RAM.

Fileless Malware - Evolving Cyberthreat | Chuck's Cyber Wall | Chuck’s Cyber Wall – Fileless Malware: An Evolving Threat how malware works cycle

The scripts initiate specific processes that run a sophisticated registry manipulation, using threads with persistent effects and temporary storage to bypass security. All of that means that they make changes to system files to gain control over the device without installing any software. In addition, the executable script is encoded to execute before runtime, meaning that it returns after a reboot without ever being permanently written to a disk.


In the “Recommended Charts” pop-up, you’ll see two tabs up at the top. If you click “All Charts,” you’ll see every possible chart type that you can use to represent your data. In this example, I will be working with a Column Chart, so I will click “Column” in the left-hand options and select my preferred graph. Once I hit OK, the chart will appear next to my data in the spreadsheet.


Fileless Malware - Evolving Cyberthreat | Chuck's Cyber Wall | Chuck’s Cyber Wall – Fileless Malware: An Evolving Threat praying mantis at computer

The creators of this registry attack know their way around system files, taking advantage of the complexity of the operating system to work underneath or around security tools. Of the numerous ways attacks can be carried out, one of the more dangerous is the first stage for ransomware attacks.

The mass exposure nature of the attack allows advanced cybercriminals to distribute the Fileless Malware to less capable colleagues to gain a foothold in vulnerable systems. Once access is gained, the code automatically communicates back to the domain operator controls set by the creator. In this way, the workload of infecting systems and operating the ransomware is shared, allowing for more effective and numerous attacks.

It is a significant evolution in cyberattacks.


Just as cybercriminals evolve their attacks, the cybersecurity industry learns how to defend against them. One of the most important ways to stop Fileless Attacks is to run software updates and perform regular maintenance. The most often breached systems are those that run older software or are missing security updates.

Another key to stopping these attacks is managing user rights – no one should ever use an admin account to do business or surf the net. A mindset of ownership often tempts users to elevate themselves to admins on personal devices, as does a lack of structure and security awareness in small businesses. Using an admin account leaves no room for error – one wrong click can destroy an entire network.

Finally, we have security awareness training. Security is only as good as the most unaware user. Because these attacks rely on phishing and spear-phishing to gain access to the network, educating users on how to spot these attacks is imperative to stop them.

Each phase of these campaigns requires a vulnerability to be exploited. By closing off these vulnerabilities, we protect the systems from attack.

Fileless Malware - Evolving Cyberthreat | Chuck's Cyber Wall | Chuck’s Cyber Wall – Fileless Malware: An Evolving Threat digital lock on world map
4 1 vote
Rate This Post
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x