In the constant cat and mouse game between cyber attackers and cyber security professionals, new areas of focus come into play every few months or so. Hackers continually probe for new weaknesses, and security personnel counter those moves by shoring up defenses in those same areas.
Since antivirus software has become so good at protecting networks and computer systems, hackers have had to find other ways to breach systems and carry out their insidious attacks. File-less malware has undoubtedly been developed by hackers in response to the efficiency and effectiveness of traditional file-based software and security measures. With this relatively new threat poised to run rampant, here are some things you can do to counteract infection by file-less malware.
What Fileless Malware is
Traditional malware made use of executable files that would attack computer networks, primarily by delivering executable files through phishing attempts and specific hacking efforts against systems. To counteract this, companies were forced to implement cyber security training for their employees, and to ensure that the latest antivirus software was always being installed to catch any attacks being made.
File-less malware completely bypasses the security protocols in place for an organization, and instead relies on manipulating macros in existing software applications used by a company. Powershell and other programs which have scripting capabilities are ideal, because executables can be hidden within such applications, and manipulated by hackers for their own intentions.
Hackers have also been writing more efficient code which does not drag down system resources to give itself away, through slowed performance. These kinds of in-program malware scripts have capabilities that are extremely versatile, and which can be manipulated by a hacker to collect data, to infiltrate secure or sensitive data, to monitor user behavior, and to escalate privileges, so as to make traditional hacking methods easier to implement.
Once scripts like these are in place, data can be hijacked outside the network, with no real traces of the activity which caused the hijacking. Since files are not altered in any way, the attacks very often go unnoticed, because file scanning software will not detect them. Even worse, some file-less malware operates in such a stealthy way that no immediate damage is caused to any system, but enough doors are opened for future incursions, that a longer-term weakness can be exploited sometime in the future.
Example of a Fileless Malware Attack
Reducing Your Risk of Fileless Malware Attacks
First of all, you should review your current malware detection software as well as your antivirus software, and even all email systems within the company. It could be that you encounter settings which automatically disable macros in any files which are received in. You should also check to determine whether software can use behavior-based detection methods to identify possible breaches.
To the greatest extent possible, you should shore up your endpoint security, meaning that every connected device which touches the Internet has all security patches applied and that all software is updated against attack.
The exploitation kits which are developed by hackers run in browsers, and are all hosted on websites where they have taken a great deal of time to create, which means that they seldom move around. This means that they can be avoided, so by using your antivirus capabilities to block specific websites, you can go a long way toward eliminating the possibility of having exploitation kits infect your network.
Another good measure to take in the fight against file-less malware is to make sure all staff members are aware of the best security practices. By keeping your staff alert to security possibilities, phishing attacks can be reduced or eliminated, and the risk of file-less malware attacks right along with them. Make sure your staff members understand that it’s better to speak up, when any kind of security issue may have arisen, than to be silent and allow a breach to be exploited by hacker.
Whatever kind of software you might currently be using, you might be able to emphasize the visibility of any system weaknesses you have through logging efforts. Logging might be tedious and a hassle to review every day, but it can point out unusual activity that’s worth investigating, so that any kind of breach attempt can be thwarted. Your IT team and your cyber security team can monitor all logging files created, so that any suspicious activity carried out on your network is spotted immediately, and hopefully halted before a penetration occurs.