Fileless Malware: An Evolving Cyberthreat


As we start 2022, cybersecurity professionals are tracking an evolving cyber threat known as Fileless Malware. This malicious activity uses administrative tools built into the operating system to execute a cyberattack. Unlike common malware, this attack does not require any code to be inserted or installed onto a device as a file, making it significantly more difficult to detect.

Because nothing gets installed on the computer, this type of malware evades most antivirus and security programs. Even worse, because these attacks are primarily carried out through phishing, cybercriminals do not need to target specific organizations or individuals. Truly opportunistic, they send out mass emails to lists purchased off the dark web and wait to see who falls for the bait.

But that’s not all.

When attackers do target specific victims with spear-phishing campaigns that use personal information about the victim or organization, these emails have a nearly 70% open rate.

How Fileless Malware Works

Fileless Malware itself has been around since 2017. CISA issued a warning in September of 2020, and in November of 2021 we began to see scripting attacks on registry files. These phishing campaigns use embedded links to send users to a website that uses Flash to trigger the exploit, launching code that runs only in RAM.

[Image: Fileless Malware infection process]

The scripts initiate specific processes that perform sophisticated registry manipulation, using threads whose effects persist and temporary in-memory storage to bypass security. In practice, that means they change system settings to gain control over the device without installing any software. In addition, the script is stored in encoded form and launched again at startup, so it returns after a reboot without ever being permanently written to disk as a file.
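One way a defender can hunt for the registry-resident persistence described above is to review autorun entries for script hosts, encoded commands and command lines that read their real payload from another registry value. The following is an added example, not code from the original post; the autorun entries it scans are constructed sample data, and the key paths, value names and heuristics are assumptions for illustration.

```python
import base64
import re

# Script hosts that fileless loaders typically launch from an autorun entry.
SCRIPT_HOSTS = {"powershell", "pwsh", "wscript", "cscript", "mshta", "rundll32"}
# PowerShell -EncodedCommand (and its short forms) followed by a base64 blob.
ENCODED_FLAG = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.I)
# Command lines that read other registry values: the script body may be stored there.
REGISTRY_REF = re.compile(r"HK(?:LM|CU)|Get-ItemProperty|Registry::", re.I)

# Constructed sample of exported Run-key values: (key, value name, command line).
# Made up for this example; the encoded payload is a harmless Write-Output.
_ENCODED = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
SAMPLE_AUTORUNS = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     "powershell.exe -w hidden -enc " + _ENCODED),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "Helper",
     r'powershell.exe -NoProfile -Command "Get-ItemProperty HKCU:\Software\ExampleVendor"'),
]

def launcher(command):
    """Return the lower-cased basename (without .exe) of the program the command starts."""
    command = command.strip()
    first = command.split('"')[1] if command.startswith('"') else command.split()[0]
    host = first.rsplit("\\", 1)[-1].lower()
    return host[:-4] if host.endswith(".exe") else host

def decode_encoded_command(command):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE text), or None."""
    match = ENCODED_FLAG.search(command)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def assess_autorun(command):
    """Return the reasons an autorun command line looks like fileless persistence."""
    reasons = []
    host = launcher(command)
    if host in SCRIPT_HOSTS:
        reasons.append(f"script host '{host}' launched from an autorun key")
    decoded = decode_encoded_command(command)
    if decoded is not None:
        reasons.append(f"encoded command decodes to: {decoded!r}")
    if "hidden" in command.lower():
        reasons.append("hidden window requested")
    # Strip the base64 blob first so its letters cannot spuriously match HKLM/HKCU.
    if REGISTRY_REF.search(ENCODED_FLAG.sub("", command)):
        reasons.append("command reads other registry values (script body may live there)")
    return reasons

def scan_autoruns(entries):
    """Map 'key\\value' to its reasons for every entry that trips at least one heuristic."""
    return {f"{key}\\{name}": reasons
            for key, name, command in entries
            if (reasons := assess_autorun(command))}
```

Flagged entries are triage leads, not verdicts: a decoded command that turns out to be a legitimate vendor script is the normal false positive here.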

A Sophisticated Attack

The creators of this registry attack know their way around system files, taking advantage of the complexity of the operating system to work underneath or around security tools. Of the numerous ways attacks can be carried out, one of the more dangerous is the first stage for ransomware attacks.

The mass-exposure nature of the attack allows advanced cybercriminals to distribute the Fileless Malware to less capable colleagues to gain a foothold in vulnerable systems. Once access is gained, the code automatically communicates back to the control infrastructure set up by the creator. In this way, the workload of infecting systems and operating the ransomware is shared, allowing for more effective and numerous attacks.

It is a significant evolution in cyberattacks.

Defending Against Fileless Malware Attacks

Just as cybercriminals evolve their attacks, the cybersecurity industry learns how to defend against them. One of the most important ways to stop Fileless Attacks is to run software updates and perform regular maintenance. The most often breached systems are those that run older software or are missing security updates.

Another key to stopping these attacks is managing user rights – no one should ever use an admin account to do business or surf the net. A mindset of ownership often tempts users to elevate themselves to admins on personal devices, as does a lack of structure and security awareness in small businesses. Using an admin account leaves no room for error – one wrong click can compromise an entire network.

Finally, we have security awareness training. Security is only as good as the most unaware user. Because these attacks rely on phishing and spear-phishing to gain access to the network, educating users on how to spot these attacks is imperative to stop them.

Each phase of these campaigns requires a vulnerability to be exploited. By closing off these vulnerabilities, we protect the systems from attack.

