Media reporting has highlighted a recent warning from Microsoft that so-called ‘fileless’ malware attacks are on the rise.
According to the report, the trend towards fileless malware is being driven by the increasing effectiveness of antivirus solutions, which can detect the installation of malicious files on a hard drive.
By contrast, traditional anti-malware products find fileless malware significantly more difficult to detect. This is because the malicious payload is not written to the hard drive and is instead run directly in the system’s memory.
Fileless malware can use the default tools present on a computer, such as PowerShell, to achieve malicious effects, a tactic known as ‘living-off-the-land’.
Whilst fileless malware is nothing new, knowledge of how to implement it is becoming more widespread. This has been accelerated by an increase in the number of tools that assist in the creation of fileless malware. The use of fileless malware and other more sophisticated techniques will become increasingly prevalent as malicious actors find new ways of circumventing security controls.
The simplest way to avoid this type of threat is to disable tools such as PowerShell and Windows Management Instrumentation (WMI).
Duncan is a technology professional with over 20 years’ experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.