Fileless attacks are on the rise. However, many people are unfamiliar with them. Learn what they are and how to protect your business from them.
Fileless attacks are not new, but they are becoming more common. Thirty-five percent of all cyberattacks in 2018 will be fileless, according to a Ponemon Institute study. But what are they? Here is what you need to know about fileless attacks and how to protect your business from them.
Fileless Attacks 101
A fileless attack is not a new type of malware or the latest digital scam. Instead, it is a descriptor for a specific type of attack. In traditional cyberattacks, hackers try to install and run malware from a device’s hard disk. In fileless attacks, cybercriminals run malware directly from a computer’s memory. Hackers often use these in-memory attacks to steal money or data. The largest data breach in 2017 — the Equifax data breach — was a fileless attack.
Fileless attacks begin like most other cyberattacks. Cybercriminals try to gain access to a computer system. They might try exploiting a security vulnerability in unpatched software or try using a brute force attack to crack the password of a service account. A more common technique, though, is sending out phishing emails that try to trick people into clicking a malicious link or opening a malicious attachment, such as a Microsoft Word document containing a macro.
Once the hackers have gained access, they run commands or malware directly from the computer’s memory. They often take advantage of built-in system administration tools such as Windows PowerShell or Task Scheduler to run commands and malware.
Fileless attacks are not necessarily fileless at every stage. The attack might initially begin in-memory, but then hackers will install malware on the hard disk, or vice versa.
Why Fileless Attacks Are Becoming More Common
Hackers are increasingly turning to fileless attacks because they are 10 times more likely to succeed than file-based attacks, according to the Ponemon Institute study. The high rate of success can be attributed to several factors.
For starters, anti-virus software is not very effective in detecting fileless attacks because malware is often not present on computers’ hard disks. Forensics experts also have a more difficult time reconstructing attacks for the same reason. Knowing how cybercriminals carried out attacks helps prevent similar attacks in the future.
Another reason for the high success rate is that fileless malware is often designed to run in stealth mode, which makes it harder to detect. Plus, hackers usually take advantage of built-in system administration tools to carry out tasks in-memory. Using built-in tools raises fewer red flags because system administrators often use them for legitimate work, making it more difficult to spot anomalies. In addition, access to those tools cannot be completely blocked since administrators need to use them.
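Because there may be no file on disk to scan, defenders often look at which program started which, and with what arguments. The sketch below is an added example, not part of the original article: it reviews process-creation records for the patterns described above (a Word macro launching PowerShell or Task Scheduler), and its field names, rule names and sample events are all constructed assumptions.

```python
import ntpath

# Field names and every event below are constructed for illustration; map them
# to your own process-creation telemetry (e.g. Windows event 4688 or Sysmon 1).
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

def _is_param(token, full_name):
    """True if token is '-' or '/' plus a prefix of full_name (PowerShell accepts abbreviations)."""
    return token[0] in "-/" and len(token) > 1 and full_name.startswith(token[1:].lower())

def findings(event):
    """Return the reasons a process-creation event deserves analyst review."""
    image = ntpath.basename(event["image"]).lower()
    parent = ntpath.basename(event["parent_image"]).lower()
    tokens = event["command_line"].split()
    hits = []
    # A document editor starting an administration tool is the macro pattern.
    if parent in OFFICE and image in POWERSHELL | {"schtasks.exe"}:
        hits.append("office-app-launched-admin-tool")
    if image in POWERSHELL:
        if any(_is_param(t, "encodedcommand") or t.lower() in ("-ec", "/ec") for t in tokens):
            hits.append("powershell-encoded-command")
        if any(_is_param(a, "windowstyle") and b.lower() == "hidden"
               for a, b in zip(tokens, tokens[1:])):
            hits.append("powershell-hidden-window")
    # Task creation is routine admin work, so it is flagged only when
    # PowerShell or an Office application is the parent process.
    if (image == "schtasks.exe" and parent in OFFICE | POWERSHELL
            and any(t.lower() == "/create" for t in tokens)):
        hits.append("scheduled-task-created-by-script")
    return hits

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
SAMPLE_EVENTS = [  # constructed events, not real telemetry
    {"parent_image": r"C:\Windows\explorer.exe", "image": WORD,
     "command_line": r'WINWORD.EXE /n "C:\Users\demo\invoice.docx"'},
    {"parent_image": WORD, "image": PS,
     "command_line": "powershell.exe -NoProfile -w hidden -enc <CONSTRUCTED_BASE64>"},
    {"parent_image": PS, "image": r"C:\Windows\System32\schtasks.exe",
     "command_line": "schtasks.exe /create /tn ExampleTask /tr example.cmd /sc onlogon"},
    {"parent_image": r"C:\Windows\explorer.exe", "image": PS,
     "command_line": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1"},
]

def triage(events):
    """Map the index of each suspicious event to its list of findings."""
    return {i: hits for i, e in enumerate(events) if (hits := findings(e))}

if __name__ == "__main__":
    for index, hits in triage(SAMPLE_EVENTS).items():
        print(index, SAMPLE_EVENTS[index]["command_line"], hits)
```

The last sample event shows an administrator running a script normally; it produces no findings, which reflects the point that these tools cannot simply be blocked.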
How to Protect Your Business
Although fileless attacks have a high rate of success, you are not helpless against them. To protect your business, you can:
We can evaluate your business and provide specific recommendations on how to secure it against fileless attacks.