
fileless malware attack

Contributor(s): Ivy Wigmore

A fileless malware attack is a type of attack in which an adversary abuses applications that are already installed on a computer. Unlike other malware attacks, in which malicious software is installed on the user's device without their knowledge, a fileless malware attack runs its malicious code through installed applications that are trusted. Consequently, fileless malware does not need to write malicious programs or files to disk to carry out an attack.

A fileless malware attack may begin with a user-initiated action, such as clicking a banner ad that redirects to content invoking Flash, which in turn makes use of other applications on the device. Fileless malware lives in the device's RAM and typically injects malicious code into default Windows tools, such as PowerShell and Windows Management Instrumentation (WMI). These trusted tools can carry out system tasks across multiple endpoints, which makes them ideal hosts for fileless malware. For example, the Equifax breach was executed with a fileless malware attack that used the Apache Struts web framework.

Fileless malware attacks are typically very difficult to prevent and detect, because no file is downloaded or written to disk that could be scanned. With no file-based signature to match, fileless malware can evade some antimalware products and application whitelists.

How to Prevent and Detect Fileless Malware Attacks

Even though fileless malware attacks are difficult to prevent and detect, they do leave some detectable traces. One such trace is anomalous content in the device's system memory. Network patterns should also be monitored for the device connecting to botnet servers. Some antivirus products, such as McAfee's, provide behavior analytics that can detect when an application launches or runs alongside a tool such as PowerShell; the product can then quarantine or terminate the applications involved.
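As an added illustration that is not part of this definition, the parent/child pairing rule described above, written in Python and run over a few constructed Sysmon-style process-creation events (the field names, file paths and command lines are assumptions, not real telemetry):

```python
import re

# Constructed Sysmon-style process-creation events; paths and command lines are made up.
SAMPLE_EVENTS = [
    {"pid": 412, "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe", "cmd": "svchost.exe -k netsvcs"},
    {"pid": 980, "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <base64-placeholder>"},
    {"pid": 1004, "parent": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe", "cmd": "wmic.exe process list brief"},
    {"pid": 1200, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -File C:\scripts\backup.ps1"},
]
# User-facing applications that have no routine reason to start a scripting host.
USER_FACING_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                       "chrome.exe", "firefox.exe", "msedge.exe", "acrord32.exe"}
# Built-in Windows tools the definition names as hosts for fileless code, plus similar ones.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wmic.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
# PowerShell accepts any unambiguous prefix of -EncodedCommand, so match the common spellings.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)(?:\s|$)")
HIDDEN_FLAG = re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")

def basename(path):
    """Lower-cased file name of a Windows path, e.g. 'winword.exe'."""
    return path.rsplit("\\", 1)[-1].lower()

def analyse_event(event):
    """Return the rules this event trips; an empty list means nothing suspicious."""
    parent, child = basename(event["parent"]), basename(event["image"])
    reasons = []
    if parent in USER_FACING_PARENTS and child in SCRIPT_HOSTS:
        reasons.append(f"{parent} spawned {child}")
    if child in ("powershell.exe", "pwsh.exe"):
        if ENCODED_FLAG.search(event["cmd"]):
            reasons.append("encoded PowerShell command line")
        if HIDDEN_FLAG.search(event["cmd"]):
            reasons.append("hidden PowerShell window")
    return reasons

def scan(events):
    """Map pid -> reasons for every event that tripped at least one rule."""
    findings = {}
    for event in events:
        reasons = analyse_event(event)
        if reasons:
            findings[event["pid"]] = reasons
    return findings
```

On the sample events only the Word-to-PowerShell and Chrome-to-WMIC launches are flagged; the service host and the administrator's scheduled script pass unflagged.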

To deny fileless malware a foothold through Microsoft Office, users can disable macro functionality. In web browsers, users can disable JavaScript execution to prevent attacks; however, this is likely to stop most websites from working properly.

Best Practices

A few best practices for avoiding fileless malware attacks include:

  • Securing system endpoints.
  • Monitoring application and network traffic.
  • Uninstalling unused or non-critical applications.
  • Turning off any unnecessary application features.
  • Changing all system passwords once an attack is known.
  • Rebooting the endpoint device, since code that resides only in RAM is lost when the device powers down.

This was last updated in March 2019
