Fileless malware attacks are a real threat. Here's how to fight back
“It’s as if someone has evaded all the layers of security and stolen the crown jewels without leaving a trace,” notes Travis Rosiek on Dark Reading. That’s the terrifying reality of fileless malware attacks, which begin with an email link that opens the door to a nearly undetectable threat.
In this article, we will take a look at the rise in sophisticated malware attacks and how patch management continues to be your strongest defense.
Fileless malware (also known as bodiless malware or non-malware) does not write any of its activity in the hard drive, making it resistant to many detection strategies. Unlike previous forms of in-memory malware, fileless malware does not ‘touch’ the hard disk, but instead scripts and binaries are hidden in system registry, in-memory processes and service areas.
Once inside, the malicious activity execution often exploits applications such as PowerShell to launch attacks against the host machine and leveraging SC and NETSH utilities to move laterally in a network - all done quickly and often without triggering any defences. Given its silent nature, it is likely that we currently underestimate the prevalence of fileless malware.
How to Counteract Fileless Malware Attacks
As with many sophisticated attacks, organizations should look to multi-layered security to prevent and catch fileless malware attacks or more sophisticated zero trust identity-centric models to limit risks. Anti-spam and anti-phishing layers can help you spot incoming links before they get to users, but they will be hit and miss with such a well-hidden malware. As noted on Dark Reading, many times fileless exploits will use obfuscation techniques that have a high social success rate, appearing as ‘harmless’ PDF or Office documents and operating in very similar manners as normal operations.
Thankfully, in many cases, fileless malware attacks target a specific OS and product patch level. While this specificity is what makes the attack successful, it’s also the solution to your problem. Have you guessed it? That’s right, patching.
In order to maximize security, you have to find and fill the holes in your company’s protections. Over 70% of security breaches target known vulnerabilities that could have been prevented with a simple patch. While fileless malware may be the latest or most sophisticated variant, it still targets vulnerabilities in whitelisted systems and applications.
Effective patch management includes the ability to discover and report on unpatched device and the ability to manage the timing and delivery of patches to minimize network load and impact on end user productivity. FileWave empowers you to patch macOS and Windows operating systems, as well as updates and patches to third party applications. Most importantly, you need to keep your vital security layers where they belong and configured correctly to the latest patch level, with self-healing, or you might as well not have them at all.