The rise of fileless malware
May 5th, 2015
Improvements in file security scanners mean hackers are now deviating from traditional malware installations and looking for new methods of access. Previously, malware had to rely on dropping copies of itself into specific locations on disk and using persistence tactics. Security scanners can now easily detect and block these, so hackers have turned their attention to fileless malware.
Fileless malware is malicious code that exists only in memory, rather than on the target computer’s hard drive. Sometimes known as a fileless infection, users typically contract it after an advert leads them to a malicious website. These adverts are typically placed by the hacker and are known as malvertisements.
The malware is written directly to RAM and its code is injected into already running processes, like iexplore.exe or javaw.exe, which are then used for the exploit. As the malware doesn’t exist as a file, it can often elude anti-virus systems. Not only is fileless malware difficult to detect, it is also difficult to remove. It is the location of the malware, in memory rather than on disk, which makes detection and deletion much more difficult than for a typical file-based infection.
There’s been a huge uptick in this sort of attack, purely because the rootkits are freely available on the internet and they are incredibly effective at bypassing traditional file-based scanners. Attackers will typically inject them into browser processes, with usernames and passwords the only real target, in effect for financial gain. If a security weakness presents an opportunity for financial gain, expect hackers to hit it hard and fast.
So, what can organisations do to prevent this within their infrastructure?
Generally, multi-layered threat protection is going to help. I’d certainly say a higher-end firewall with subscription-based, real-time updates is going to help. Knowing the IP addresses and the traffic signatures these injected processes arrive with and communicate over gives you one control method, via deep packet inspection. Organisations should also be using the bigger-name brands for AV/malware protection. Many see AV as simple tech anyone can do; however, firms should not try to do it cheaply. They should be looking at advanced solutions with a level of behavioural analysis built in.
What will vendors do to help prevent an outbreak of fileless malware?
File-based detection systems still have their place without a doubt. They will just have to adapt further, particularly around behavioural analysis of the network, memory and registry. They’ve been making money for a long time using relatively old technology, so they can’t complain.
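The memory-side behavioural check described above (injected code living in a browser process with no file behind it) can be illustrated with a small heuristic. This is an added example, not code from the original post or from any vendor product: it scores memory-map records where executable pages have no backing image file, weighting hosts the post names (iexplore.exe, javaw.exe) and writable-executable pages more heavily. The Region layout and the sample map are constructed here and stand in for what a real memory enumerator would return.

```python
from dataclasses import dataclass
from typing import List

# Process names the post singles out as injection hosts (assumption: case-insensitive match).
INJECTION_HOSTS = {"iexplore.exe", "javaw.exe"}


@dataclass
class Region:
    """One entry of a process memory map, in the shape a map enumerator would give."""
    pid: int
    process: str
    base: int
    size: int
    protect: str       # page protection, e.g. "RX", "RWX", "RW"
    mapped_file: str   # backing image path, or "" for private (anonymous) memory


def is_suspicious(r: Region) -> bool:
    """Executable memory with no file on disk behind it is the fileless signature."""
    return "X" in r.protect and r.mapped_file == ""


def scan(regions: List[Region]) -> List[dict]:
    """Rank private executable regions; higher scores go to known injection hosts and RWX pages."""
    findings = []
    for r in regions:
        if not is_suspicious(r):
            continue
        score = 2 if r.process.lower() in INJECTION_HOSTS else 1
        if "W" in r.protect:   # writable+executable is rarely legitimate outside JIT engines
            score += 1
        findings.append({"pid": r.pid, "process": r.process,
                         "base": hex(r.base), "size": r.size, "score": score})
    return findings


# Constructed sample map (not a real capture): a clean image mapping, an injected RWX blob,
# plain heap memory, and a JIT-style region. Note javaw.exe legitimately emits private RX
# pages for compiled bytecode, so a real scanner needs a per-host baseline on top of this.
SAMPLE = [
    Region(1234, "iexplore.exe", 0x00400000, 0x1000, "RX", r"C:\Program Files\Internet Explorer\iexplore.exe"),
    Region(1234, "iexplore.exe", 0x02F10000, 0x20000, "RWX", ""),
    Region(5678, "notepad.exe", 0x7FF00000, 0x1000, "RW", ""),
    Region(9012, "javaw.exe", 0x10000000, 0x8000, "RX", ""),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

On the sample map the injected RWX region in iexplore.exe scores highest, while the JIT-like region in javaw.exe is flagged at a lower score; the clean image mapping and the read-write heap page are not reported.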