Cybercriminals around the world have deployed a new attack technique to invade computer systems. A Fileless attack exploits the vulnerabilities that exist between security software and genuine Windows applications.
The attack system is so sophisticated that it leaves zero footprints on the computer system, making it difficult to notice the presence of the malware attack. The rapid increase in these types of attacks has become a major concern for tech companies. Internet solutions firm McAfee has published a report highlighting the effect of these attacks.
The report highlights the number of attacks growing in 2018. One such Fileless threat, CactusTorch uses DoNetToJScript technique which loads and executes malicious .NET code from memory to cause the attack. There is a rapid growth in the use of CactusTorch attacks, which can execute custom shellcode on Windows systems.
The major reason why these attacks are hard to detect is that this type of attacks are launched through reputable, trusted executables. The rise in such attacks is a major concern for tech firms. Since Fileless malware attacks do not install any software on a user’s computer, hackers can easily sneak into systems by launching malware applications.
McAfee’s Q2 threat report discovered many Fileless malware campaigns that targeted. These malware campaigns leverage Microsoft PowerShell to create a backdoor into the system. These number of attacks surged to over 432% in 2017. More than 29% of total attacks faced by organizations in 2017 were Fileless, the same is expected to rise to 35% in 2018.
Another security software firm, Symantec found embedded malicious scripts in the Windows Registries of approximately 5,000 computers per day. The company had blocked around 4,000 attacks on endpoints per day by the fileless Trojan.Korver trojan. These attacks allow hackers to remain concealed and allow attackers to stay alive in an environment longer.
These types of attacks cannot be detected and fixed by any traditional anti-virus software. There are a couple of changes organizations can do to protect themselves against them. Going forward, companies will need to focus on threat intelligence and streaming prevention.