Scanning the files you download is not enough to detect malware these days. Hackers have found a clever way to get around antivirus and anti-malware software by using fileless malware. Since this malware is not as visible as traditional malware, it can infect your entire infrastructure without you even knowing. Let’s take a closer look at how fileless malware works and what you can do to defend against them.
What is fileless malware?
Fileless malware is malicious software that doesn't rely on executable files to infect your infrastructure. Rather, it hides in your computer's random access memory (RAM) and uses trusted, legitimate processes such as Microsoft Office macros, PowerShell, and Windows Management Instrumentation (WMI).
Fileless malware isn’t as visible as traditional malware. Malware uses various techniques to stay persistent and can adversely affect the integrity of a business’s processes and the infrastructures that run them. Because there are no files to trace, fileless malware escapes detection from most anti-malware programs, especially those that use the databases of precedent threats. Automated sensors cannot recognize illicit scripts and cybersecurity analysts who train to identify them have a hard time establishing where to look.
Fileless malware by the numbers
In November 2016, attacks using fileless malware saw a 13% uptick, according to a report by Trend Micro. Also, in the third quarter of 2016, attacks were 33% higher than in the first quarter. During the first quarter of 2017, more PowerShell-related attacks were reported on over 12,000 unique machines.
Kaspersky Lab uncovered over 140 infections across 40 different countries. Fileless malware were found in financial institutions and worked toward obtaining login credentials. In the worst cases, infections had already gleaned enough information to allow cyberattackers to withdraw undisclosed sums of cash from ATMs.
In 2018, Trend Micro also detected a rising trend of fileless threats throughout the first half of the year.
Is your business at risk?
It is unlikely that your business was a target in the earliest stages of this strain of malware, but it’s better to be safe than sorry. Businesses should practice defense-in-depth, with the implementation of multilayered safeguards to reduce exposure and mitigate damage. But apart from cultivating a security-aware workforce, what actionable countermeasures can organizations carry out?
While your business might not be in immediate danger, you should employ solutions that analyze behavioral trends. It is also wise to invest in a managed services provider that offers 24/7 network monitoring, proper patches, and software updates. Reach out to our office for more information.