Browse Definitions :
Definition

fileless malware attack

A fileless malware attack is a type of malicious attack a hacker can use to leverage applications already installed in a computer. Unlike other malware attacks where software is unknowingly installed onto the user’s device, fileless malware attacks use applications that are already installed which are thought to be safe. Therefore, fileless malware attacks do not need to install malicious software or files to initiate an attack.

A fileless malware attack may begin by a user-initiated action, such as clicking a banner ad that opens a redirect to access Flash, which then utilizes other applications on the device. Fileless malware attacks exist in a device’s RAM and will typically access and inject malicious code into default Windows tools, such as PowerShell and Windows Management Instrumentation (WMI). These trusted applications can carry out system tasks for multiple endpoints, which makes them ideal targets for fileless malware attacks. For example, the Equifax breach was executed with a fileless malware attack using the Apache Struts application.

Fileless malware attacks are typically very difficult to prevent and detect, as fileless malware does not require downloading any files. With no detectable signature, it can bypass the effectiveness of some antimalware protection services or whitelists.

How to Prevent and Detect Fileless Malware Attacks

Even though fileless malware attacks are difficult to prevent and detect, they do leave some detectable traces. One such trace includes a compromise in a device’s system memory. Network patterns should also be monitored to look for the device connecting to botnet servers. Some antivirus software such as McAfee provide behavior analytics which can detect when an application is executed at the same time as an application such as PowerShell. The service can then quarantine the applications or close them.

If a fileless malware attack accesses Microsoft Office, users can turn off macro functionalities. In web browsers, users can turn off JavaScript executions to prevent attacks; however, this is likely to stop most websites from working properly.

Best Practices

A few best practices for avoiding fileless malware attacks include:

  • Securing system endpoints.
  • Monitoring application and network traffic.
  • Uninstalling unused or non-critical applications.
  • Turning off any unnecessary application features.
  • Once an attack is known, changing any system passwords.
  • Rebooting the endpoint device will stop a breach since the device will only keep data in RAM when the device is on.
This was last updated in March 2019

Continue Reading About fileless malware attack

SearchCompliance
  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...

  • information governance

    Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and ...

  • enterprise document management (EDM)

    Enterprise document management (EDM) is a strategy for overseeing an organization's paper and electronic documents so they can be...

SearchSecurity
  • session key

    A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session ...

  • computer forensics (cyber forensics)

    Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular ...

  • multifactor authentication (MFA)

    Multifactor authentication (MFA) is a security technology that requires more than one method of authentication from independent ...

SearchHealthIT
SearchDisasterRecovery
  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

SearchStorage
  • cloud storage

    Cloud storage is a service model in which data is transmitted and stored on remote storage systems, where it is maintained, ...

  • cloud testing

    Cloud testing is the process of using the cloud computing resources of a third-party service provider to test software ...

  • storage virtualization

    Storage virtualization is the pooling of physical storage from multiple storage devices into what appears to be a single storage ...

Close