Cyber security experts have noticed a spike in fileless malware attacks, which abuse the trust that security software places in genuine, signed Windows applications. Because these attacks write little or nothing to disk, leaving almost no footprint on the file system, their presence is hard to notice.
“Because this type of attack is launched through reputable, trusted executables, these attacks are hard to detect,” Internet security solutions firm McAfee Labs said.
It says the rapid rise of such attacks is a cause for concern. Unlike traditional attacks, in which hackers get into systems by launching malware applications, fileless malware attacks do not install any software on the user's computer.
“This makes a successful attack extremely hard to detect. Both consumers and corporate users can fall victim to this threat. In corporate environments, attackers use this vector to move laterally through the network,” McAfee points out.
Cyber security expert Debasish Mandal says CactusTorch is an example of a 'fileless' threat. It uses the DotNetToJScript technique, which loads and executes malicious .NET assemblies straight from memory. “These assemblies are the smallest unit of deployment of an application, such as a .dll or .exe. The malware does not write any part of the malicious .NET assembly on a computer’s hard drive,” he points out.
This makes traditional file scanners ineffective at detecting these intrusions. “We have seen a rapid growth in the use of CactusTorch this year. This can execute custom shellcode on Windows systems,” he says.
Many fileless malware campaigns have leveraged Microsoft PowerShell to launch attacks in memory and create a backdoor into a system. “What’s interesting is the number of variants discovered,” he says.
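The CactusTorch passage and the PowerShell passage above describe the same defensive problem: an assembly loaded straight from memory, whether by a DotNetToJScript-style script loader or by PowerShell, never becomes a file for a scanner to inspect, so detection has to come from script and process telemetry instead. The Python below is an added example written for this page; it is not code from the article, from McAfee, or from the CactusTorch or DotNetToJScript projects. It runs a small set of indicators over constructed events whose shapes are assumptions (a simplified PowerShell script block log, Event ID 4104, and a Sysmon-style process-creation record, Event ID 1). The indicator strings, helper names and sample events are all assumptions made for illustration and would need tuning against real telemetry.

```python
"""Spot in-memory loader behaviour in constructed Windows log events.

Added example for this page, not code from the article or from any tool it
names. Event shapes and indicator strings are assumptions for illustration.
"""
import base64
import re
from typing import Dict, List, Optional


def encode_powershell(cmd: str) -> str:
    """Return the base64 form that powershell.exe -EncodedCommand expects (UTF-16LE)."""
    return base64.b64encode(cmd.encode("utf-16-le")).decode("ascii")


# Constructed payload string for the sample event below (not a real attack script).
HIDDEN_PAYLOAD = "[Reflection.Assembly]::Load($bytes).GetType('Loader').GetMethod('Run').Invoke($null,$null)"

# Constructed sample events, not real telemetry. 4104 = PowerShell script block log,
# 1 = Sysmon-style process creation. Field names are assumptions.
SAMPLE_EVENTS = [
    {"id": 1, "event_id": 4104,
     "script": "Get-ChildItem C:\\Users | Sort-Object Length"},
    {"id": 2, "event_id": 4104,
     "script": "$b=[Convert]::FromBase64String($blob);"
               "[System.Reflection.Assembly]::Load($b).EntryPoint.Invoke($null,$null)"},
    {"id": 3, "event_id": 1,
     "image": "C:\\Windows\\System32\\wscript.exe",
     "command_line": "wscript.exe //E:JScript C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.js",
     "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"},
    {"id": 4, "event_id": 1,
     "image": "C:\\Windows\\System32\\cscript.exe",
     "command_line": "cscript.exe C:\\Windows\\System32\\slmgr.vbs /dlv",
     "parent_image": "C:\\Windows\\System32\\cmd.exe"},
    {"id": 5, "event_id": 1,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "command_line": "powershell.exe -nop -w hidden -enc " + encode_powershell(HIDDEN_PAYLOAD),
     "parent_image": "C:\\Windows\\explorer.exe"},
    {"id": 6, "event_id": 4104,
     "script": "$fmt=New-Object System.Runtime.Serialization.Formatters.Binary.BinaryFormatter;"
               "$fmt.Deserialize($ms)"},
]

# Text indicators. The names are this example's own; tune the patterns per environment.
SCRIPT_INDICATORS = {
    # A byte array handed to Assembly.Load: the assembly exists only in memory.
    "reflective_assembly_load": re.compile(
        r"\[(?:System\.)?Reflection\.Assembly\]::Load\s*\(", re.I),
    # Deserialising a stored .NET object graph is how DotNetToJScript-style loaders
    # reach Assembly.Load from a script host; the first two strings are names such
    # loader output commonly carries (assumption), the third is the formatter class.
    "serialized_gadget_loader": re.compile(
        r"serialized_obj|Deserialize_2|Formatters\.Binary\.BinaryFormatter", re.I),
}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
ENCODED_RE = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Recover the script behind -EncodedCommand, or None if there is none."""
    m = ENCODED_RE.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def scan_text(text: str) -> List[str]:
    """Names of the text indicators that match, in declaration order."""
    return [name for name, rx in SCRIPT_INDICATORS.items() if rx.search(text)]


def analyse_event(ev: dict) -> List[str]:
    """Return the indicator names that fire on one event (empty list if none)."""
    hits: List[str] = []
    if ev.get("event_id") == 4104:
        hits += scan_text(ev.get("script", ""))
    elif ev.get("event_id") == 1:
        image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        parent = ev.get("parent_image", "").rsplit("\\", 1)[-1].lower()
        cmd = ev.get("command_line", "")
        if image in SCRIPT_HOSTS and parent in OFFICE_PARENTS:
            hits.append("office_spawned_script_host")
        if image in SCRIPT_HOSTS and USER_WRITABLE_RE.search(cmd):
            hits.append("script_host_user_writable_path")
        decoded = decode_encoded_command(cmd)
        if decoded is not None:
            hits.append("encoded_command")
            hits += scan_text(decoded)  # match on the decoded script, not the base64
        else:
            hits += scan_text(cmd)
    return hits


def detect(events) -> Dict[int, List[str]]:
    """Map event id -> indicators for every event that fired at least one."""
    return {ev["id"]: h for ev in events if (h := analyse_event(ev))}


if __name__ == "__main__":
    for event_id, hits in detect(SAMPLE_EVENTS).items():
        print(f"event {event_id}: {', '.join(hits)}")
```

Two behaviours matter more than the string list: decoding -EncodedCommand before matching (otherwise the reflective load in event 5 is invisible to the pattern) and looking at who launched the script host, since a script interpreter started by an Office application is the usual entry point for a script-based loader. A hit here is a lead for an analyst, not a verdict; the benign slmgr.vbs invocation in event 4 shows why the script-host rule alone is not enough.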