Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity

    ‘Fileless’ Malware Attacks Growing in Number and Sophistication

    Written by

    Wayne Rash
    Published September 5, 2018
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      You may not have heard of a fileless malware attack, but despite its obscurity, it’s a real and serious threat. 

      Furthermore, fileless malware makes up about 70 percent of executables that are unknown to reputation services, according to SentinelOne’s Enterprise Risk Index Report for the 2018 first half. This means that antivirus software that depends on matching a signature won’t find this malware. 

      In many cases this is because the malware isn’t an executable file at all. Instead, it’s a process that’s delivered to a computer that takes over an existing service, such as Microsoft Windows PowerShell or another Windows service, which then loads software or follows commands that carry out the activities normally associated with malware. 

      I first encountered such malware in 2015 in a spoofed email from a fax service that included a scan of the supposed fax. But what was actually included was a Microsoft Word file that included Javascript code that loaded malware from Russia. My AV software never noticed, even when I explicitly scanned the document. 

      That’s the problem with fileless malware. It enters your system as executable instructions that run in PowerShell, for example, and the computer follows those instructions. It may, for example, load encryption software from a remote site, encrypt your hard disk and then terminate the process. Or it can tell PowerShell to locate your backups first, and then erase them. 

      Security software that relies on a library of known malware threats to protect computers from cyber-attacks are ineffective because there’s no virus or malware file for your antivirus or anti-malware program to recognize. According to the SentinelOne report, this threat is growing rapidly. The problem then becomes, what to do about it? 

      “When there’s no file, many of the AV systems are blind to it,” says Migo Kedem, director of product management at SentinelOne. Kedem said that some companies are trying to prevent such attacks by disabling PowerShell or by disabling macros in Microsoft Office. 

      But he said that such actions can have serious impacts on productivity. He also noted that PowerShell has become increasingly important to IT departments for automating critical processes. 

      According to Kedem, the problem is also that you can’t hash a command line the way antivirus software uses a computed hash to identify malware. So the fileless malware can run the same command 25 or 30 different ways until something works. 

      Kedem said that he’s been working on artificial intelligence and machine learning software that can observe what is happening on a system under attack. When certain types of activities take place, the intelligent system can stop them, and if necessary roll back the attack. 

      “Eventually it will try to encrypt your files,” Kedem explained. “But first it will try to delete your backups. In the case of ransomware, those are two behaviors that mark it as malicious.” 

      The only way to detect such fileless malware is to catch it in the act. This means that you need monitoring software that will observe activity on your computers, and when it sees something suspicious, it immediately takes action. SentinelOne has an agent that monitors such activity, and takes action when it finds it. 

      Other solutions include Cybereason RansomFree which looks for the encryption process to begin, and then immediately terminates it. Cybereason also makes a full enterprise system that uses AI to seek out and destroy malware of all types. 

      Malwarebytes, long known for effective malware protection, is also fighting fileless malware. 

      “Malwarebytes’ exploit mitigation technology allows us to stop file-less malware attacks before they even begin, whether they rely on drive-by downloads or social engineering—i.e. Office macros,” said Jerome Segura, head of investigations at Malwarebytes Intelligence in an email. 

      “Our other layers of protection allow us to detect file-less malware already on the system in particular if it relies on registry entries for persistence and connects to its Command and Control server,” Segura wrote. 

      As you might expect, the fact that it’s fileless means that finding it installed on a system is problematic. 

      “There are types of file-less malware that we detect after infection,” explained Adam Kujawa, head of Malwarebytes Intelligence in an email. “However, with the constant evolution of this type of attack, we are likely going to encounter speedbumps on protecting users from this threat after infection.” 

      “A combination of our real time protection and web protection functionalities help with after infection cases, while our exploit mitigation tech identifies the attack before it can cause any damage,” Kujawa added. 

      Besides using JavaScript, and instructions for PowerShell, there are a number of ways that fileless malware can attack a system. These include VBScript Mshta (which runs Microsoft’s HTML application host) and rundll32 among other Windows processes that can run executable code. 

      However, you can’t just disable these processes in Windows (or similar processes in other operating systems) without potentially disabling the computer. While Windows is the most commonly attacked with fileless malware, there’s nothing that prevents this from happening with other operating systems. 

      The reasons why most of the files attacks are directed against Windows systems is mostly because of the huge installed base and because of the higher potential for significant return on malware writers’ efforts. 

      Protecting your computers requires more than just an antivirus package. It also requires discipline, education and good computer hygiene to keep from being a victim in the first place. You also have to have a strong sense of suspicion, which is how I discovered my first piece of fileless malware. 

      Wayne Rash
      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a content writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.