Fileless Malware
Fileless malware is a type of malicious activity that uses native, legitimate tools built into a system to execute a cyber attack. It is malicious code that does not need to place an executable file of its own on the endpoint’s file system; it relies on the executables that are already there. It is typically injected into a running process and executes only in RAM.
Fileless malware piggybacks on legitimate scripts, carrying out malicious activity while the legitimate programs continue to run. It can remain undetected because it is memory-based, not file-based. Antivirus software is often effective against other types of malware because it detects a file’s signature, the traditional “footprint” of an infection. Fileless malware, in contrast, leaves no such footprint on disk for antivirus products to detect.
Fileless malware can be effective because it is already hiding in your system and does not need to use malicious software or files as an entry point. This stealth is what makes fileless malware so challenging to detect, and it allows the malware to harm your system for as long as it remains hidden.
Monitoring process memory is one way to combat fileless malware attacks. By monitoring memory, a security monitor can determine what commands were executed on a system, which includes detecting fileless malware attacks that use PowerShell. Monitoring memory for a particular action being performed on a system, regardless of which program started executing the malicious code, can be used to identify potentially harmful actions such as configuring a program or script to execute on login or changing other aspects of persistence on an endpoint.
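As an added illustration of the detection approach described above (this is example code written for this page, not a product's or vendor's own detection logic), the following Python script scores constructed process-creation records for the behaviours the text calls out: PowerShell run with an encoded command, a hidden window or an execution-policy bypass, an Office application spawning a script host, and persistence set up through the Run key or a logon-triggered scheduled task. The sample events, rule names, weights and threshold are all assumptions chosen for the demonstration; real telemetry (for example Sysmon process-creation events or PowerShell script-block logs) would be fed in in place of the constructed list.

```python
import re

# Constructed sample process-creation records (parent image, image, command
# line), in the shape of endpoint telemetry such as Sysmon event ID 1. These
# are made-up examples for the demonstration, not real captured events; the
# "-enc" argument carries a placeholder rather than a real payload.
SAMPLE_EVENTS = [
    {"id": 1, "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Process"},
    {"id": 2, "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -ep bypass -enc PLACEHOLDER_BASE64"},
    {"id": 3, "parent": "cmd.exe", "image": "reg.exe",
     "cmdline": 'reg.exe add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run '
                '/v Updater /t REG_SZ /d "C:\\Users\\Public\\u.vbs"'},
    {"id": 4, "parent": "cmd.exe", "image": "schtasks.exe",
     "cmdline": 'schtasks.exe /create /sc onlogon /tn Sync /tr "wscript.exe C:\\Users\\Public\\s.vbs"'},
    {"id": 5, "parent": "explorer.exe", "image": "schtasks.exe",
     "cmdline": "schtasks.exe /query /tn Backup"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def _rx(pattern):
    """Build a predicate that matches a case-insensitive regex against the command line."""
    compiled = re.compile(pattern, re.IGNORECASE)
    return lambda ev: compiled.search(ev["cmdline"]) is not None


# Each rule: (name, weight, predicate). The weights are assumptions for this
# example. Predicates look only at the command line and the parent/child
# image pair, which process- and memory-level monitoring can observe even
# when the malicious code never writes its own file to disk.
RULES = [
    # Base64-encoded command: the script body is never visible on disk.
    ("encoded_command", 3, _rx(r"\s-(e|ec|enc|encodedcommand)\s")),
    ("hidden_window", 2, _rx(r"\s-w(indowstyle)?\s+hidden\b")),
    ("execution_policy_bypass", 2, _rx(r"\s-e(xecutionpolicy|p)\s+bypass\b")),
    # Persistence: run-on-login via the Run/RunOnce keys or a logon-triggered task.
    ("run_key_persistence", 4, _rx(r"\breg(\.exe)?\s+add\s+.*\\CurrentVersion\\Run(Once)?\b")),
    ("logon_task_persistence", 4, _rx(r"\bschtasks(\.exe)?\s+/create\b.*\s/sc\s+onlogon\b")),
    # An Office application spawning a script host is a common fileless entry point.
    ("office_spawns_script_host", 4,
     lambda ev: ev["parent"].lower() in OFFICE_APPS and ev["image"].lower() in SCRIPT_HOSTS),
]


def score_event(event):
    """Return (total_weight, [names of rules that fired]) for one telemetry record."""
    hits = [name for name, _weight, pred in RULES if pred(event)]
    total = sum(weight for name, weight, _pred in RULES if name in hits)
    return total, hits


def hunt(events, threshold=4):
    """Return records whose score reaches the threshold, highest score first."""
    flagged = []
    for ev in events:
        total, hits = score_event(ev)
        if total >= threshold:
            flagged.append({"id": ev["id"], "score": total, "rules": hits, "cmdline": ev["cmdline"]})
    return sorted(flagged, key=lambda f: -f["score"])


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(f"event {finding['id']}: score {finding['score']} via {', '.join(finding['rules'])}")
```

Run against the constructed events, the script flags the encoded, hidden PowerShell launched from Word (several rules stacking), the Run-key addition and the logon-triggered task, while the ordinary `Get-Process` invocation and the `schtasks /query` lookup score zero. The weighting matters in practice: a single weak indicator such as a hidden window is common in benign automation, so combining indicators per process keeps the alert volume manageable while still catching the persistence-on-login behaviour the text describes.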
Another good way to keep your organization safe from fileless malware is to have a threat-hunting team actively searching for it. Threat hunting for fileless malware is time-consuming and laborious work that requires gathering and normalizing extensive amounts of data. Yet it is a necessary component of a defense that protects against fileless attacks, and for these reasons the most pragmatic approach for the majority of organizations is to turn their threat hunting over to an expert provider.
Managed threat-hunting services are on watch around the clock, proactively searching for intrusions, monitoring the environment, and recognizing subtle activities that would go unnoticed by standard security technologies.