What is fileless malware?

This near-invisible threat can go virtually undetected by even the most advanced antivirus software

Of all the threats to a business’s integrity, fileless malware is near the top of the list, as it’s rarely detected, even by antivirus tools.

Detection is difficult because fileless malware, true to its name, doesn’t rely on files to infect a machine or network. Instead, seemingly genuine programs serve as entry points for malware. Equifax’s data breach story is a classic example of how benignly malware can present itself before ultimately taking the target machine hostage.

A command injection vulnerability in the consumer complaints portal led to the Equifax breach. Login credentials of three servers allowed access to another 48 servers containing consumer data saved in plain text, and this lack of encryption compounded the theft. The vulnerability paved the way for something even more sinister: remote code execution. It was later revealed that the hackers accessed the portal for nearly 76 days.

In 2018, 90% of financial institutions reported being targeted by fileless malware. This leaves an obvious question hanging in the air: what makes fileless malware so elusive? And, is there a way out?

The anatomy of fileless malware

Fileless malware is malicious software that finds and exploits vulnerabilities in a target machine using applications, software or authorized protocols already on the computer. This type of malware resides in RAM, where it repurposes trusted processes running on the operating system, a technique often called “living off the land.”

The idea behind the attack is deviously clever: security tools, however sophisticated, don’t flag legitimate files or software already on the disk. It’s also worth noting that, despite the name, fileless malware can use shortcuts, script files and trusted processes like adobe.exe to install malicious code.

There are no quick fixes, either. Fileless malware leaves a footprint so small that it evades detection nine times out of ten. It is this stealthiness that keeps fileless malware immune to conventional security solutions. And although malware typically attacks all kinds of operating systems, most fileless malware targets Windows computers.

Here is a short list of entry points hackers use to make their way into a target system:

  • Phishing emails peppered with ‘safe-looking’ links
  • Websites that redirect visitors and prompt downloads
  • Trusted and frequently used programs

These scenarios show that fileless attacks are often user-initiated: an individual receives an unsolicited email, clicks on a link and is redirected to a malicious website.

A more native example is Microsoft’s PowerShell framework. A staple in modern IT environments, PowerShell automates repetitive tasks, so you don’t have to do them manually. 

Fileless malware can hijack legitimate PowerShell scripts and remain undetected because firewalls and antivirus programs don’t blacklist PowerShell routines. The utility is vital to most organizations, which is why the platform can’t simply be shut down or blocked. Macros in Microsoft Office tools and the Adobe Flash video player are other common fileless malware carriers.

What happens to stolen data after a breach?

Compromised data is often sold on the dark web for profit. Certain infiltrations can also take over your web browser to serve unwanted marketing ads, steal passwords and more.

With no file to take action on, data security systems are caught off guard and defense becomes difficult. Attacks can also be extended to other locations or shared networks via the internet. 

All in all, as malware evolves, we’re faced with a greater challenge of developing equally competent tools that are ready for combat.

How to protect against fileless malware?

Much of malware defense involves shifting the focus from security tools to human vulnerability. System behavior analysis and fraud-detection software are helpful, but only at the surface. Even a slight delay in applying a security patch can prove treacherous.

However, the good news is a user can do several things to stop the malware in its tracks. Safeguard your PC from fileless malware by:

  • Implementing two-factor authentication
  • Turning off PowerShell and WMI when not in use
  • Visiting secure websites only (look for the padlock icon in the browser’s address bar)
  • Revising download policies so that PDFs and Flash content don’t load in browsers
  • Watching out for phishing emails that come with jaw-dropping offers
  • Keeping tabs on the latest security patches
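Where PowerShell can’t be switched off, the practical middle ground is to make its use visible. The following is an added, defender-side example (not code from the article or from Microsoft) that enables script block logging, module logging and transcription through the standard policy registry keys, then lists recently logged script blocks that did not come from a file on disk, which is where in-memory, living-off-the-land activity shows up. The transcript directory is an assumed path.

```powershell
# Added example: run from an elevated PowerShell prompt on the machine being hardened.
# These are the Group Policy registry locations PowerShell reads on startup.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# 1. Script block logging: records the text of every script block executed (event ID 4104),
#    whether it came from a .ps1 file, the command line or code built in memory.
$sbl = Join-Path $base 'ScriptBlockLogging'
New-Item -Path $sbl -Force | Out-Null
New-ItemProperty -Path $sbl -Name 'EnableScriptBlockLogging' -Value 1 -PropertyType DWord -Force | Out-Null

# 2. Module logging for all modules: records pipeline execution details (event ID 4103).
$ml = Join-Path $base 'ModuleLogging'
New-Item -Path (Join-Path $ml 'ModuleNames') -Force | Out-Null
New-ItemProperty -Path $ml -Name 'EnableModuleLogging' -Value 1 -PropertyType DWord -Force | Out-Null
New-ItemProperty -Path (Join-Path $ml 'ModuleNames') -Name '*' -Value '*' -PropertyType String -Force | Out-Null

# 3. Transcription: full session transcripts written to a directory (assumed path; in practice
#    point this at a write-only share so an attacker on the host cannot tamper with it).
$tr = Join-Path $base 'Transcription'
New-Item -Path $tr -Force | Out-Null
New-ItemProperty -Path $tr -Name 'EnableTranscripting' -Value 1 -PropertyType DWord -Force | Out-Null
New-ItemProperty -Path $tr -Name 'OutputDirectory' -Value 'C:\PSTranscripts' -PropertyType String -Force | Out-Null

# 4. Review: script blocks logged in the last N hours that have no backing file path.
#    A 4104 event carries MessageNumber, MessageTotal, ScriptBlockText, ScriptBlockId and Path;
#    Path is empty when the block was not loaded from a file, so these deserve a closer look.
function Get-InMemoryScriptBlocks {
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
    Where-Object { [string]::IsNullOrEmpty($_.Properties[4].Value) } |
    ForEach-Object {
        [pscustomobject]@{
            Time   = $_.TimeCreated
            UserId = $_.UserId        # SID of the account that ran the block
            Script = $_.Properties[2].Value
        }
    }
}

Get-InMemoryScriptBlocks -Hours 24 | Sort-Object Time | Format-Table -Wrap -AutoSize
```

Interactive administration also produces file-less script blocks, so the value of this query comes from comparing it against the hosts and accounts where PowerShell use is expected, per the advice above to keep it off elsewhere.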

A final word

When it comes down to it, a window of opportunity is all it takes for a cybercriminal to turn a machine against itself. That said, the concept of absolutely zero-footprint malware doesn’t truly exist, as there are ways to detect malware, even when the threat isn’t readily visible. 

“Software vulnerabilities in the software already installed are necessary to carry out a fileless attack, so the most important step in prevention is patch and update not only the operating system, but software applications,” states Jon Heimerl, senior manager of the threat intelligence communications team at NTT Security. “Browser plugins are the most overlooked applications in the patch management process and the most targeted in fileless infections.”

The strongest defense against fileless malware is user vigilance and reliable anti-malware software. By carefully monitoring admin and user activity, corporate networks can steer clear from fileless malware invasions.
