The threat of fileless- How to protect against evasive malware - Photo by Myriam Jessier on Unsplash2020 and indeed the early stages of 2021 have been nothing other than extremely tough on societies globally. As human resilience has been put to the test, a multitude of silver linings have emerged at several stages of the coronavirus pandemic.

Be it scientific ingenuity, widespread acts of kindness or the formation of an unprecedented spirit of cooperation in local, national and international communities alike, the vast majority of people have reacted to one of the most trying times in modern history with truly admirable efforts.

We have been forced to live physically further apart than in pre-pandemic times. Yet, a true sense of camaraderie has emerged that we hope is here to stay as the world begins to reconnect.

It is a shame to admit it, but these altruistic efforts have not been universal. On the flip side, some have taken the opportunity to find personal gain in the adversity.

I am, of course, talking about cybercriminals.

Cyberattacks on the rise

Cyberattacks have increased in volume and sophistication in the past 12 to 18 months. It is a reality that has crept its way in without many of us even realising it.

The sheer volume of techniques available to hackers today is somewhat frightening. They range from malware, phishing and man-in-the-middle attacks to zero-day exploits, DNS tunnelling and structured query language (SQL) injections. The world has had to become more vigilant and proactive in avoiding and dealing with hackers than ever before.

This brings me to the core subject that I’d like to discuss in this article – fileless malware attacks.

This form of malware hit the headlines recently. New research revealed that fileless attack rates had soared by almost 900% in 2020. They had also previously grown by 265% in 2019. A highly concerning trajectory has begun to emerge.

The question here, simply, is why? Why have fileless attacks become so prevalent in recent times?

Understanding fileless malware attacks

Fileless attacks are not necessarily novel. Malicious PowerShell activities were first detected on Windows XP powered devices that were released 15 years ago. In theory, fileless attacks even precede this.

The difference today lies in the way in which they have evolved. They have become complex infection mechanisms that are both multi-faceted and hard to detect. Indeed, the latter point very much explains why fileless attacks have spiked so significantly in the past two years.

It is worth us considering how fileless techniques are used in practice.

Traditional malware attacks will operate by infecting an endpoint with a downloadable payload that facilitates the installation of malicious code on a system’s hard drive. Fileless malware is much harder to detect than this – it doesn’t need to rely on a hard drive to execute. Instead, it can execute in a computer’s memory via what is known as a living off the land attack.

Here is an example of how this might play out: A phishing email may trick an end-user who has opted to interact with the malicious content. It uses existing commonly found software, such as Microsoft Word or Adobe Acrobat.

The living off the land attack consequently commences. The fileless malware would have the necessary means to invoke malicious PowerShell activity. This allows it to successfully execute its malicious payload within the computer’s memory.

Is this all that different to a typical malware attack? In terms of its intent, no. However, it is more problematic. Fileless attacks are better able to slip under the radar and avoid detection by the majority of legacy security solutions – namely, signature-based antivirus software.

Combatting the perfect storm

These security solutions are still today widespread in the market. Yet, in most instances – fileless attacks being a prime example – they are no longer adequate.

If nothing else, such attacks have shown how vital it is to embrace and implement layered, end-to-end security models, particularly within the context of COVID-19 (we’ll come onto this).

Additionally, the pandemic has unfortunately provided the perfect storm for cybercrime to thrive. Phishing hooks have been adapted to prey on people’s most prevalent fears. In recent months we’ve seen everything from hoax vaccination registration emails to the promise of videos showing ‘unseen footage’ of overrun hospitals and desolate cities.

Companies have also become increasingly vulnerable as their employees continue to work from home. Business models were forced to transform from on-premises to remote almost overnight. It is a process that was understandably yet unfortunately detrimental to many organisations’ overall security hygiene. Where this hasn’t since been addressed, cybercriminals have retained a wider pool of open invitations to attempt to execute fileless attacks.

Given both the ever-expanding sea of fileless threats and the new remote business environment that the majority of us continue to operate in, it has never been more important for companies to take the necessary steps to protect themselves.

Best practices for comprehensive protection

So, where does this path lead?

When it comes to fileless attacks, no one silver bullet can provide holistic protection. There are, however, several best practices that can be adhered to. These will help stamp out the threats and create a more effective, overarching security ecosystem.

Raising awareness is arguably the most vital piece of this puzzle. Approximately 95% of all cyberattacks stem from human error. It is a shockingly high figure that can easily be whittled down through basic security hygiene training.

Provide your staff with the knowledge and precautionary know-how to ensure that the vast majority of fileless attacks fail to execute. Explain that spear-phishing attacks have become increasingly prevalent, and erring on the side of caution is always safer. Also, offer insight into how certain fileless attacks operate so that they may be able to identify a potential breach themselves.

Simple steps such as these can go a long way in mitigating enterprise risk.

Replace outdated signature-based antivirus software with a sophisticated toolkit comprising behavioural-based endpoint detection and response solutions. Should fileless malware slip through the net despite better employee awareness, these technologies can help you detect even the most evasive of threats.

Adhere to proclaimed principles such as that of least employee privilege throughout your organisation. It can go a long way in safeguarding your digital assets.

To reiterate, there is no catch-all miracle cure. Yet, just like the social distancing measures, masks and vaccines that we have become all too accustomed to in our daily lives, providing the best possible protection is vitally important to keep overall risk to a minimum.

Integrity360Integrity360 is an industry-leading cyber security specialist operating in Ireland and the UK.


Please enter your comment!
Please enter your name here