Browse Definitions :
Definition

fileless malware attack

A fileless malware attack is a type of malicious attack a hacker can use to leverage applications already installed in a computer. Unlike other malware attacks where software is unknowingly installed onto the user’s device, fileless malware attacks use applications that are already installed which are thought to be safe. Therefore, fileless malware attacks do not need to install malicious software or files to initiate an attack.

A fileless malware attack may begin by a user-initiated action, such as clicking a banner ad that opens a redirect to access Flash, which then utilizes other applications on the device. Fileless malware attacks exist in a device’s RAM and will typically access and inject malicious code into default Windows tools, such as PowerShell and Windows Management Instrumentation (WMI). These trusted applications can carry out system tasks for multiple endpoints, which makes them ideal targets for fileless malware attacks. For example, the Equifax breach was executed with a fileless malware attack using the Apache Struts application.

Fileless malware attacks are typically very difficult to prevent and detect, as fileless malware does not require downloading any files. With no detectable signature, it can bypass the effectiveness of some antimalware protection services or whitelists.

How to Prevent and Detect Fileless Malware Attacks

Even though fileless malware attacks are difficult to prevent and detect, they do leave some detectable traces. One such trace includes a compromise in a device’s system memory. Network patterns should also be monitored to look for the device connecting to botnet servers. Some antivirus software such as McAfee provide behavior analytics which can detect when an application is executed at the same time as an application such as PowerShell. The service can then quarantine the applications or close them.

If a fileless malware attack accesses Microsoft Office, users can turn off macro functionalities. In web browsers, users can turn off JavaScript executions to prevent attacks; however, this is likely to stop most websites from working properly.

Best Practices

A few best practices for avoiding fileless malware attacks include:

  • Securing system endpoints.
  • Monitoring application and network traffic.
  • Uninstalling unused or non-critical applications.
  • Turning off any unnecessary application features.
  • Once an attack is known, changing any system passwords.
  • Rebooting the endpoint device will stop a breach since the device will only keep data in RAM when the device is on.
This was last updated in March 2019

Continue Reading About fileless malware attack

SearchNetworking
SearchSecurity
  • man in the browser (MitB)

    Man in the browser (MitB) is a security attack where the perpetrator installs a Trojan horse on the victim's computer that is ...

  • Patch Tuesday

    Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system ...

  • parameter tampering

    Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user's ...

SearchCIO
  • e-business (electronic business)

    E-business (electronic business) is the conduct of business processes on the internet.

  • business resilience

    Business resilience is the ability an organization has to quickly adapt to disruptions while maintaining continuous business ...

  • chief procurement officer (CPO)

    The chief procurement officer, or CPO, leads an organization's procurement department and oversees the acquisitions of goods and ...

SearchHRSoftware
SearchCustomerExperience
  • first call resolution (FCR)

    First call resolution (FCR) is when customer service agents properly address a customer's needs the first time they call.

  • customer intelligence (CI)

    Customer intelligence (CI) is the process of collecting and analyzing detailed customer data from internal and external sources ...

  • clickstream data (clickstream analytics)

    Clickstream data and clickstream analytics are the processes involved in collecting, analyzing and reporting aggregate data about...

Close