View all newsletters
Receive our newsletter – data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 6, 2018

Fileless Attacks Grow as Attackers Find New Ways Past System Security

"These sophisticated attacks avoid detection and maintain persistence by borrowing the propagation and anti-forensic techniques seen in the complex nation state attacks of the past"

By CBR Staff Writer

Businesses face a growing risk from fileless cyberattacks, Malwarebytes researchers have warned in a new report.

Fileless malware accounted for 35 percent of all attacks in 2018 according to research carried out by the Ponemon Institute.

Malwarebytes researchers believe that there has been a shift in the way threat actors develop and deploy malware, with a rapid shift toward numerous highly dynamic attacks that are frequently modified to avoid detection by standard security products.

Fileless malware attacks often use default Windows tools to commit malicious actions or move laterally across a network to other machines. The most common Windows tools used in these types of attacks are PowerShell and WMI, which are installed on nearly every Windows machine.

PowersShell is a scripting language that when used by threat actors can give them unrestricted access to Windows APIs and system inner core.

Fred O’Connor researcher at endpoint security company Cyberreason commented in a blog that: “PowerShell’s ability to run remotely through WinRM makes it an even more appealing tool. This feature enables attackers to get through Windows Firewall, run PowerShell scripts remotely or simply drop into an interactive PowerShell session, providing complete admin control over an endpoint.”

Content from our partners
Incumbent banks must transform at speed, or miss the benefits of open banking
Leverage cloud and expertise to optimise engagements from onboarding to conclusion
How enterprises can best prepare for finance digitalisation

He also notes that if WinRM is not on, it can be turned on remotely through WMI using a single line of code.


Fileless Malware Detected Across the World
Image Source: Malwarebytes

PowerShell Script

Recently attackers started sending PowerShell script embedded in Windows Office documents out in phishing campaigns. Once opened a specially-crafted setting file starts to run malicious code on the infected computer. This attack completely circumvents the system’s security measures and can remain undetected for some time.

Malwarebytes researchers state that: “These have had success in attacking businesses because the majority of past and present security solutions are designed to detect file-based malware.” Fileless malware attacks are ten times more likely to be successful than traditional file-based attacks.

As these types of attacks completely circumvent system security and then place a hidden malicious code on the system they are becoming the weapon of choice for threat actors.

“These sophisticated attacks avoid detection and maintain persistence by borrowing the propagation and anti-forensic techniques seen in the complex nation state attacks of the past,” Mawarebytes comment.

See Also: Insecure IoT Networks Spew 200+ Million Messages in 16 Weeks

Attackers are continually changing their methods to move around the security measures deployed by enterprise. Fileless attacks allow them to completely own a system and if they are carried out correctly they can go undetected for a considerable amount of time.

One of the best defense against them is to always be aware of what you are using and opening on your systems.

Malwarebytes believe that to protect computers in future: “We need every aspect of the computing experience to be monitored and secured, including incoming and outgoing traffic to which processes can run and even which files can be downloaded.”

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy