What is Fileless Malware and How to Protect Against Attacks

    Although the total number of malware attacks went down last year, malware remains a huge problem. While the number of attacks decreased, the average cost of a data breach in the U.S. is rising, signaling that malware developers are building more sophisticated strains meant to avoid detection and provide a bigger payday. 

    Fileless malware is a strain that, like many other forms, uses phishing to get users to allow it onto their devices. It then uses trusted internal applications to hide its presence and gain access to multiple devices and datasets. How can you protect against something that uses whitelisted applications to its advantage? We’ve put together this guide to help you learn what fileless malware is and how you can protect against attacks.

    Fileless malware prevention

    What is fileless malware?

    With most malware, attackers try to install malicious files onto your computer. However, fileless malware hides within legitimate applications and executes harmful activities while the wanted programs are running. Fileless malware is memory-based, which makes it harder to detect because it doesn’t have a signature like other types of malware.

    These attacks work by injecting malicious code into applications you already have installed on your computer. Attackers can do this through phishing and social engineering. Once the code is included in a legitimate application, it can move laterally across your network to gain access to more information.

    What kinds of applications does it hijack?

    Fileless malware targets software you already have installed on your computer, like word processors or JavaScript applications. However, it also often uses native applications that you may not even realize you have, like Microsoft PowerShell or Windows Management Instrumentation (WMI). With these native tools, fileless malware applies malicious scripts into the benevolent ones, so the scripts will run while the app is performing routine processes.

    Look for indicators of attack instead of indicators of compromise

    Indicators of attack (IOAs) are signs that an attack might be in progress as opposed to indicators of compromise, which are evidence of steps attackers are taking to perpetuate an attack. IOAs on their own don’t necessarily signal an attack, but specific combinations of IOAs would. 

    For example, before someone robs a store, they may walk through it several times. This alone, of course, is not necessarily a cause for concern. However, should they pair that with returning after the store is closed and disabling a security system, clearly, the store is under attack. Similarly, a phishing email plus a small command execution and communication with someone offsite are often IOAs for cyberattacks.

    Use managed threat hunting services

    Active threat hunting is time-consuming and labor-intensive because it requires gathering and standardizing large amounts of data. In-house teams can struggle to hunt threats effectively and complete their normal work, meaning you’d need to hire people completely dedicated solely to threat hunting. However, you can also outsource this job to a managed threat hunting service. These services monitor networks 24/7 and proactively look for anything that might go unnoticed by traditional security systems. 

    Phishing prevention rules apply

    When looking to protect your business from fileless malware, it’s important to train your team on the steps they should take to prevent phishing attempts from succeeding. Don’t click on links in emails when you don’t know the sender, and double-check email addresses before opening any attachments. Also, legitimate businesses will never ask you for login credentials over email. Just trust your instincts. If something feels suspicious, it likely is. 

    Also read: Email Security Tips to Prevent Phishing and Malware

    Prevention is the best way to protect against fileless malware

    Fileless malware is very difficult to detect once it’s gotten onto your device, so prevention is the best way to protect against it. Teach your employees to be cautious about the links they click both from their email and online and to report suspicious activity to your IT team immediately. Consider employing managed threat hunting services to look for indicators of attack and proactively protect your network. By following these steps, your business can avoid a catastrophic breach.

    Read next: Eight Best Practices for Securing Long-Term Remote Work

    Jenn Fulmer
    Jenn Fulmer
    Jenn Fulmer is a writer for TechnologyAdvice, IT Business Edge, Channel Insider, and eSecurity Planet currently based in Lexington, KY. Using detailed, research-based content, she aims to help businesses find the technology they need to maximize their success and protect their data.

    Get the Free Newsletter!

    Subscribe to Daily Tech Insider for top news, trends, and analysis.

    Latest Articles