Demystifying Fileless Malware in Less than 3 Minutes

Malware is by no means a new threat; however, like the majority of digital attacks, malware attacks are rapidly evolving - becoming highly sophisticated, difficult to detect and devastating for victims. An especially dangerous type of malware - fileless malware - is gaining popularity among cyber criminals due to its ability to evade detection and deceive users.

Fileless malware attacks exploit existing, trusted system applications to install and run malicious code on target systems. This malicious code is used to encrypt and exfiltrate sensitive data and transfer this data directly into the hands of the attacker. Fileless malware can be seen as a cyber crime double play - it also enables malicious actors to silently eavesdrop on your system, often providing access to  confidential business information.

Because fileless malware does not leverage executable files and, therefore, does not have a signature, the majority of traditional, signature-based antivirus and email security solutions are unable to detect this emerging exploit, leaving users, systems and critical data vulnerable. This article will demystify fileless malware and offer advice on how to safeguard against it - in less than three minutes!

What Is Fileless Malware and How Do These Attacks Work?

Like all malware, fileless malware is typically delivered to victims in a phishing email containing a malicious link to a fraudulent website. When the user clicks on this link, the website loads a program such as Flash or Java that leverages known vulnerabilities to trigger an exploit in a known and trusted application.

Unlike file-based malware, fileless malware does not rely on traditional executable files, called the “payload.” Instead, these advanced attacks employ a technique known as “living-off-the-land”, where attackers use existing legitimate, trusted tools - or LOLBins - for malicious purposes. In this case, threat actors exploit tools built into operating systems such as Microsoft Office Macros, WMI and PowerShell - essentially turning these systems against themselves. 

Fileless malware attacks can be used to perform a wide array of malicious activities including the encryption, exfiltration and delivery of critical data to cyber criminals and the compromise of other systems through the installation of malicious code.

As you now know, fileless malware does not involve executable files as regular malware does, making antivirus protection ineffective against these attacks. Instead, fileless malware attacks leave no typical footprint on the target system, and because they use trusted system tools which can’t be removed or disabled, these exploited tools remain running on the system until they’re either told to stop by their operators or they eventually render the system inoperable. 

A Few Key Stats:

• Ponemon Institute reports that fileless attacks are 10 times more successful than file-based attacks.
• A survey conducted by Ponemon Institute indicates that there was an alarming 94% rise in fileless malware attacks during the first half of 2018 - and further research reveals that this frightening trend persists.
• In 2018, the notorious SamSam fileless ransomware variant targeted 67 organizations, mainly in the healthcare sector. One Indiana hospital paid the malicious hackers roughly $50,000 to unlock their encrypted data.

How To Defend Against Fileless Malware Attacks

• Conduct regular security hygiene checks to look for vulnerabilities.
• Keep your OS and applications patched and updated.
• Most importantly: implement a multi-layered, threat-ready cloud email security solution capable of detecting and blocking fileless malware emails and other emerging attacks by employing advanced techniques like behavior monitoring, Artificial Intelligence and Machine Learning to analyze every attribute of each email delivered in real-time, preventing all malicious mail from reaching the inbox.

The Bottom Line

Malware attacks are becoming more advanced and effective, leveraging stealthy techniques and evading detection by only running in the computer’s memory as opposed to relying on executable files. Fileless malware attacks are used to gain administrative privileges to systems, download more malicious payloads and perform a wide range of other malicious activities. 

Modern threats demand modern defenses, and traditional antivirus and anti-malware software are no longer able to keep pace with today’s exploits. Luckily, by implementing an advanced, adaptive cloud email security solution, businesses can prevent fileless malware emails and other malicious threats from reaching the inbox - safeguarding their most critical assets and their brand.