Technically not “malware” in the traditional sense, this type of fileless attack does not install software to hijack data; instead it sneaks in under the cover of a legitimate program, which makes it extremely difficult to detect. There has been a recent uptick in fileless malware attacks, and this type of cybercrime does not look like it will be going away anytime soon.
Typically, fileless malware siphons data by taking control of legitimate programs, such as WMI and PowerShell, which exist on the vast majority of Windows machines. Because of the fileless nature of the malware and the legitimate functions of these programs, most security scans do not even check for this type of activity. Once these programs are hijacked, the infected machine can communicate with command-and-control servers without detection. Fileless malware can be introduced via infected USB sticks or by exploiting vulnerabilities in most browsers, and it can even be stored in bogus scheduled tasks to keep running filelessly and to keep itself updated.
The best protection against such a difficult-to-detect form of malware is a multi-layered approach.
- Apply the latest patches, both Windows and third party. Windows 10 users are notorious for skipping patches due to large roll-ups and subsequent downtime, but updating/patching is an important piece of protection, and time well-spent. If downtime is an overwhelming concern, using one of NSDS’s RMM solutions such as Continuum can help in patch management.
- Be sure to lock down PowerShell, the program most commonly used to deliver fileless malware: restrict it via domain Group Policy for users who do not need it, and update PowerShell to version 5 or above.
- Secure possible points of entry by utilizing firewalls with deep packet inspection, intrusion prevention systems, and content filtering. Also, be sure to implement proper email spam filtering systems, and web reputation plugins for web browsers.
- Install latest-generation client security programs, such as SonicWall’s Capture Client, that scan for the threat in memory while the application is running.
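An added example (not from the original post) that turns the PowerShell and scheduled-task points above into an audit an administrator can run on a Windows host: it reports the PowerShell version and whether the standard Group Policy logging settings are enforced, then lists scheduled tasks whose action launches PowerShell or similar hosts with arguments typical of in-memory relaunch. The registry policy paths and the suspicious-argument patterns are assumptions based on standard PowerShell policy settings; `Get-ScheduledTask` requires the built-in ScheduledTasks module (Windows 8 / Server 2012 or newer).

```powershell
# Added example: audit PowerShell hardening state and scheduled-task persistence.
# Policy paths and patterns below are assumptions, not taken from the post.

function Get-PowerShellHardeningReport {
    $policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

    # Read a DWORD policy value, returning 0 when the key or value is absent
    function Get-PolicyValue([string]$SubKey, [string]$Name) {
        $item = Get-ItemProperty -Path (Join-Path $policyRoot $SubKey) -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { return 0 }
        return [int]$item.$Name
    }

    [pscustomobject]@{
        PSVersion          = $PSVersionTable.PSVersion.ToString()
        VersionIsV5OrNewer = $PSVersionTable.PSVersion.Major -ge 5
        ScriptBlockLogging = (Get-PolicyValue 'ScriptBlockLogging' 'EnableScriptBlockLogging') -eq 1
        ModuleLogging      = (Get-PolicyValue 'ModuleLogging' 'EnableModuleLogging') -eq 1
        Transcription      = (Get-PolicyValue 'Transcription' 'EnableTranscripting') -eq 1
        LanguageMode       = $ExecutionContext.SessionState.LanguageMode.ToString()
    }
}

function Find-SuspiciousScheduledTasks {
    # Argument fragments commonly seen when a task relaunches an in-memory payload:
    # encoded commands, hidden windows, download-and-evaluate, base64 decoding.
    $argPattern = '(?i)-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden|\bIEX\b|Invoke-Expression|DownloadString|FromBase64String'
    $hostPattern = '(?i)powershell|pwsh|wmic|mshta|wscript|cscript'

    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            $exe      = [string]$action.Execute     # empty for non-exec action types
            $taskArgs = [string]$action.Arguments
            if ($exe -match $hostPattern -and $taskArgs -match $argPattern) {
                [pscustomobject]@{
                    TaskName = $task.TaskName
                    TaskPath = $task.TaskPath
                    Author   = $task.Author
                    Execute  = $exe
                    Args     = $taskArgs
                }
            }
        }
    }
}

Get-PowerShellHardeningReport | Format-List
Find-SuspiciousScheduledTasks | Format-Table -AutoSize
```

Any task listed by the second function deserves manual review against change records; a `False` in the logging fields of the first report means the corresponding Group Policy is not enforced on that host.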
Proactive monitoring of your systems and network will help the most. Be vigilant for large amounts of data leaving your systems, and never hesitate to reach out to NSDS for guidance. We have the knowledge and tools to make your data as safe as possible. Contact firstname.lastname@example.org to learn more.