Browse Definitions :
Definition

fileless malware attack

Contributor(s): Ivy Wigmore

A fileless malware attack is a type of malicious attack a hacker can use to leverage applications already installed in a computer. Unlike other malware attacks where software is unknowingly installed onto the user’s device, fileless malware attacks use applications that are already installed which are thought to be safe. Therefore, fileless malware attacks do not need to install malicious software or files to initiate an attack.

A fileless malware attack may begin by a user-initiated action, such as clicking a banner ad that opens a redirect to access Flash, which then utilizes other applications on the device. Fileless malware attacks exist in a device’s RAM and will typically access and inject malicious code into default Windows tools, such as PowerShell and Windows Management Instrumentation (WMI). These trusted applications can carry out system tasks for multiple endpoints, which makes them ideal targets for fileless malware attacks. For example, the Equifax breach was executed with a fileless malware attack using the Apache Struts application.

Fileless malware attacks are typically very difficult to prevent and detect, as fileless malware does not require downloading any files. With no detectable signature, it can bypass the effectiveness of some antimalware protection services or whitelists.

How to Prevent and Detect Fileless Malware Attacks

Even though fileless malware attacks are difficult to prevent and detect, they do leave some detectable traces. One such trace includes a compromise in a device’s system memory. Network patterns should also be monitored to look for the device connecting to botnet servers. Some antivirus software such as McAfee provide behavior analytics which can detect when an application is executed at the same time as an application such as PowerShell. The service can then quarantine the applications or close them.

If a fileless malware attack accesses Microsoft Office, users can turn off macro functionalities. In web browsers, users can turn off JavaScript executions to prevent attacks; however, this is likely to stop most websites from working properly.

Best Practices

A few best practices for avoiding fileless malware attacks include:

  • Securing system endpoints.
  • Monitoring application and network traffic.
  • Uninstalling unused or non-critical applications.
  • Turning off any unnecessary application features.
  • Once an attack is known, changing any system passwords.
  • Rebooting the endpoint device will stop a breach since the device will only keep data in RAM when the device is on.
This was last updated in March 2019

Continue Reading About fileless malware attack

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What methods do you use to prevent and detect fileless malware attacks?
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

SearchStorage

  • RAID 6 (redundant array of independent disks)

    RAID 6, also known as double-parity RAID, uses two parity stripes on each disk. It allows for two disk failures within the RAID ...

  • hard disk drive (HDD)

    A computer hard disk drive (HDD) is a non-volatile memory hardware device that controls the positioning, reading and writing of ...

  • byte

    In most computer systems, a byte is a unit of data that is eight binary digits long. Bytes are often used to represent a ...

Close