Browse Definitions :
Definition

fileless malware attack

Contributor(s): Ivy Wigmore

A fileless malware attack is a type of malicious attack a hacker can use to leverage applications already installed in a computer. Unlike other malware attacks where software is unknowingly installed onto the user’s device, fileless malware attacks use applications that are already installed which are thought to be safe. Therefore, fileless malware attacks do not need to install malicious software or files to initiate an attack.

A fileless malware attack may begin by a user-initiated action, such as clicking a banner ad that opens a redirect to access Flash, which then utilizes other applications on the device. Fileless malware attacks exist in a device’s RAM and will typically access and inject malicious code into default Windows tools, such as PowerShell and Windows Management Instrumentation (WMI). These trusted applications can carry out system tasks for multiple endpoints, which makes them ideal targets for fileless malware attacks. For example, the Equifax breach was executed with a fileless malware attack using the Apache Struts application.

Fileless malware attacks are typically very difficult to prevent and detect, as fileless malware does not require downloading any files. With no detectable signature, it can bypass the effectiveness of some antimalware protection services or whitelists.

How to Prevent and Detect Fileless Malware Attacks

Even though fileless malware attacks are difficult to prevent and detect, they do leave some detectable traces. One such trace includes a compromise in a device’s system memory. Network patterns should also be monitored to look for the device connecting to botnet servers. Some antivirus software such as McAfee provide behavior analytics which can detect when an application is executed at the same time as an application such as PowerShell. The service can then quarantine the applications or close them.

If a fileless malware attack accesses Microsoft Office, users can turn off macro functionalities. In web browsers, users can turn off JavaScript executions to prevent attacks; however, this is likely to stop most websites from working properly.

Best Practices

A few best practices for avoiding fileless malware attacks include:

  • Securing system endpoints.
  • Monitoring application and network traffic.
  • Uninstalling unused or non-critical applications.
  • Turning off any unnecessary application features.
  • Once an attack is known, changing any system passwords.
  • Rebooting the endpoint device will stop a breach since the device will only keep data in RAM when the device is on.
This was last updated in March 2019

Continue Reading About fileless malware attack

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What methods do you use to prevent and detect fileless malware attacks?
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

  • data protection impact assessment (DPIA)

    A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, ...

SearchSecurity

  • identity provider

    An identity provider is a system component that is able to provide an end user or internet-connected device with a single set of ...

  • firewall

    A firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or leave a ...

  • encryption

    Encryption is the method by which information is converted into secret code that hides the information's true meaning. The ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

SearchStorage

Close