December 6, 2018, updated 07 Jul 2022 10:50am

Fileless Attacks Grow as Attackers Find New Ways Past System Security

"These sophisticated attacks avoid detection and maintain persistence by borrowing the propagation and anti-forensic techniques seen in the complex nation state attacks of the past"

By CBR Staff Writer

Businesses face a growing risk from fileless cyberattacks, Malwarebytes researchers have warned in a new report.

Fileless malware accounted for 35 percent of all attacks in 2018 according to research carried out by the Ponemon Institute.

Malwarebytes researchers believe that the way threat actors develop and deploy malware has changed, with a rapid shift toward numerous highly dynamic attacks that are frequently modified to avoid detection by standard security products.

Fileless malware attacks often use default Windows tools to commit malicious actions or move laterally across a network to other machines. The most common Windows tools used in these types of attacks are PowerShell and WMI, which are installed on nearly every Windows machine.

PowerShell is a scripting language that, when used by threat actors, can give them unrestricted access to Windows APIs and the system's inner core.

Fred O’Connor, a researcher at endpoint security company Cybereason, commented in a blog that: “PowerShell’s ability to run remotely through WinRM makes it an even more appealing tool. This feature enables attackers to get through Windows Firewall, run PowerShell scripts remotely or simply drop into an interactive PowerShell session, providing complete admin control over an endpoint.”

He also notes that if WinRM is not on, it can be turned on remotely through WMI using a single line of code.


PowerShell Script

Recently, attackers started sending out PowerShell scripts embedded in Windows Office documents in phishing campaigns. Once opened, a specially crafted setting file starts to run malicious code on the infected computer. This attack completely circumvents the system’s security measures and can remain undetected for some time.

Malwarebytes researchers state that: “These have had success in attacking businesses because the majority of past and present security solutions are designed to detect file-based malware.” Fileless malware attacks are ten times more likely to be successful than traditional file-based attacks.
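Because nothing is written to disk for a file scanner to inspect, defenders usually look at process behaviour instead. The sketch below is an added example, not code from Malwarebytes or Cybereason: it flags PowerShell started by an Office application, through WMI, or inside a WinRM session. The process-name lists and the `classify` and `has_encoded_command` helpers are assumptions, and the sample events are constructed using Sysmon Event ID 1 field names.

```python
import ntpath

# Assumed process-name sets for this sketch; tune them for your environment.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
REMOTE_PARENTS = {
    "wmiprvse.exe": "started through WMI",
    "wsmprovhost.exe": "started inside a WinRM remoting session",
}

def has_encoded_command(command_line):
    """True if a switch is -EncodedCommand, its -ec alias, or a prefix of it."""
    for token in command_line.lower().split():
        name = token.lstrip("-/")
        if token[0] in "-/" and name and (
                "encodedcommand".startswith(name) or name == "ec"):
            return True
    return False

def classify(event):
    """Return the reasons a process-creation event deserves a look."""
    child = ntpath.basename(event["Image"]).lower()
    parent = ntpath.basename(event["ParentImage"]).lower()
    if child not in POWERSHELL:
        return []
    reasons = []
    if parent in OFFICE_APPS:
        reasons.append("PowerShell launched by Office application " + parent)
    if parent in REMOTE_PARENTS:
        reasons.append("PowerShell " + REMOTE_PARENTS[parent])
    if has_encoded_command(event.get("CommandLine", "")):
        reasons.append("encoded command hides the script text")
    return reasons

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
# Constructed sample events (Sysmon Event ID 1 field names), not real telemetry.
SAMPLE_EVENTS = [
    {"Image": PS, "ParentImage": WORD,
     "CommandLine": "powershell.exe -enc <BASE64_PLACEHOLDER>"},
    {"Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"Image": PS, "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "CommandLine": "powershell.exe"},
    {"Image": r"C:\Windows\splwow64.exe", "ParentImage": WORD,
     "CommandLine": "splwow64.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ntpath.basename(ev["ParentImage"]), "->", classify(ev) or "ok")
```

Legitimate management tooling also starts PowerShell through WMI and WinRM, so hits on those parents need an allow-list of known administrative hosts before they are useful as alerts.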

As these types of attacks completely circumvent system security and then place hidden malicious code on the system, they are becoming the weapon of choice for threat actors.

“These sophisticated attacks avoid detection and maintain persistence by borrowing the propagation and anti-forensic techniques seen in the complex nation state attacks of the past,” Malwarebytes comment.


Attackers are continually changing their methods to get around the security measures deployed by enterprises. Fileless attacks allow them to completely own a system and, if they are carried out correctly, they can go undetected for a considerable amount of time.

One of the best defenses against them is to always be aware of what you are using and opening on your systems.

Malwarebytes believe that to protect computers in future: “We need every aspect of the computing experience to be monitored and secured, including incoming and outgoing traffic to which processes can run and even which files can be downloaded.”
