Securing your company does mean stopping malware. But in the ever-evolving security war, bad actors are turning to what are called fileless attacks, which don’t require a payload or tricking someone into installing one.
Easy for the bad people, but harder for you.
Here are five things to know about fileless attacks:
1. They masquerade inside trusted software.
According to Carbon Black’s 2017 Threat Report, fileless malware attacks leveraging PowerShell or Windows Management Instrumentation tools made up 52% of all attacks for the year.
2. They work by stealing user names and passwords, especially using phishing attacks.
Once attackers have those, especially from high-level users, they don’t need malware running. The bad folks just log in on domain accounts or as an IT administrator and take what they want.
3. Personal accounts and local admin accounts are the easiest.
They’re often not tied to a specific person and go ignored. Once a bad actor gets one, they can work on privilege escalation from there.
4. Abandoned credentials are a gold mine.
If an attacker can get a former employee’s or client’s account that was never decommissioned, nobody may ever notice. Map out your credentials across your networks, and make sure you know who has access and why.
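As an added example that is not from the article or its sources: a PowerShell audit of the accounts items 3 and 4 describe, flagging enabled domain accounts that have not logged on recently, have no recorded owner, or have a very old password, plus stale local accounts on the host it runs on. It assumes the RSAT ActiveDirectory module is installed and that 90 days of inactivity counts as abandoned (both assumptions, not the article’s).

```powershell
# Added example, not from the article: find credentials nobody is using or owning.
# Assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

$StaleDays = 90                                  # assumption: 90 days idle = abandoned
$Cutoff    = (Get-Date).AddDays(-$StaleDays)

# LastLogonDate is derived from lastLogonTimestamp, which replicates only about
# every 14 days by default, so treat it as approximate but fine for triage.
$Candidates = Get-ADUser -Filter { Enabled -eq $true } `
    -Properties LastLogonDate, Manager, Description, WhenCreated, PasswordLastSet

$Report = foreach ($u in $Candidates) {
    $reasons = @()
    if (-not $u.LastLogonDate) {
        # Provisioned but never used: classic "nobody noticed" account
        if ($u.WhenCreated -lt $Cutoff) { $reasons += 'never-logged-on' }
    } elseif ($u.LastLogonDate -lt $Cutoff) {
        $reasons += "no-logon-$StaleDays-days"
    }
    # "Who has access and why": an account with no manager has no answer to that
    if (-not $u.Manager) { $reasons += 'no-owner' }
    if ($u.PasswordLastSet -and $u.PasswordLastSet -lt (Get-Date).AddDays(-365)) {
        $reasons += 'password-older-than-1y'
    }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            LastLogonDate  = $u.LastLogonDate
            Owner          = $u.Manager
            Description    = $u.Description
            Flags          = ($reasons -join ',')
        }
    }
}

$Report | Sort-Object LastLogonDate | Format-Table -AutoSize
# Keep a snapshot so the next run shows what was cleaned up and what newly went stale.
$Report | Export-Csv -Path .\abandoned-credentials.csv -NoTypeInformation

# Local accounts (item 3) on this machine: enabled but never or long unused.
Get-LocalUser |
    Where-Object { $_.Enabled -and (-not $_.LastLogon -or $_.LastLogon -lt $Cutoff) } |
    Select-Object Name, LastLogon, Description
```

Run it on a schedule and diff the CSV between runs; an account that appears in the report and is not claimed by anyone is a decommissioning candidate, not just a curiosity.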
5. They’re not new.
Like most attack vectors, they’ve been around for a while. Code Red and Slammer both made use of fileless techniques. What is new is that every step of the attack is becoming fileless.
Not all security threats are “wares” of any kind, spyware, malware or otherwise.
Education and training are your best defense here. Make sure folks know what these threats are and how they can be used as a vector. They may be fileless, but they aren’t harmless.
Special thanks to Kelly Sheridan at Dark Reading who’s done a great job covering this. For more on cybersecurity from TechRepublic and sister site ZDNet, see the links below.
By Tom Merritt | April 26, 2018, 5:30 AM PST