FILELESS MALWARE: AN EVOLVING CYBERTHREAT
Chuck's Cyber Wall
As we start 2022, cybersecurity professionals are tracking an evolving cyber threat known as Fileless Malware. This malicious activity uses administrative tools built into the operating system to execute a cyber attack. Unlike common malware, this attack does not require any code to be inserted or installed onto a device, making it significantly more difficult to detect.
Because nothing gets installed on the computer, this type of malware evades most antivirus and security programs. Even worse, primarily carried out by phishing attacks, cybercriminals do not need to target organizations or individuals. Truly opportunistic, they send out mass emails to lists purchased off the dark web and wait to see who falls for the bait.
But that’s not all.
When they target with spear-phishing campaigns, using personal information from victims or organizations, these attacks have a nearly 70% open rate.
HOW FILELESS MALWARE WORKS
While Fileless Malware itself has been around since 2017. CISA issued a warning in September of 2020, and in November of 2021, we began to see scripting attacks on registry files. These phishing campaigns use embedded links to send users to a website that uses Flash to trigger the exploit, launching code that runs the exploit only in RAM.
The scripts initiate specific processes that run a sophisticated registry manipulation, using threads with persistent effects and temporary storage to bypass security. All of that means that they make changes to system files to gain control over the device without installing any software. In addition, the executable script is encoded to execute before runtime, meaning that it returns after a reboot without ever being permanently written to a disk.
In the “Recommended Charts” pop-up, you’ll see two tabs up at the top. If you click “All Charts,” you’ll see every possible chart type that you can use to represent your data. In this example, I will be working with a Column Chart, so I will click “Column” in the left-hand options and select my preferred graph. Once I hit OK, the chart will appear next to my data in the spreadsheet.
A SOPHISTICATED ATTACK
The creators of this registry attack know their way around system files, taking advantage of the complexity of the operating system to work underneath or around security tools. Of the numerous ways attacks can be carried out, one of the more dangerous is the first stage for ransomware attacks.
The mass exposure nature of the attack allows advanced cybercriminals to distribute the Fileless Malware to less capable colleagues to gain a foothold in vulnerable systems. Once access is gained, the code automatically communicates back to the domain operator controls set by the creator. In this way, the workload of infecting systems and operating the ransomware is shared, allowing for more effective and numerous attacks.
It is a significant evolution in cyberattacks.
DEFENDING AGAINST FILELESS MALWARE ATTACKS
Just as cybercriminals evolve their attacks, the cybersecurity industry learns how to defend against them. One of the most important ways to stop Fileless Attacks is to run software updates and perform regular maintenance. The most often breached systems are those that run older software or are missing security updates.
Another key to stopping these attacks is managing user rights – no one should ever use an admin account to do business or surf the net. A mindset of ownership often tempts users to elevate themselves to admins on personal devices, as does a lack of structure and security awareness in small businesses. Using an admin account leaves no room for error – one wrong click can destroy an entire network.
Finally, we have security awareness training. Security is only as good as the most unaware user. Because these attacks rely on phishing and spear-phishing to gain access to the network, educating users on how to spot these attacks is imperative to stop them.
Each phase of these campaigns requires a vulnerability to be exploited. By closing off these vulnerabilities, we protect the systems from attack.
Director of Cybersecurity and Marketing
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small businesses, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com