April 4, 2017 By Larry Loeb 2 min read

In the online world, a long-running attack standard is to have a program file serve as the main execution prompt. This malware file is the brains of the operation — imagine the scene of a henchman breaking into a basement window to gain entry.

But as the digital world evolves, different attack methods emerge. Some try to evade security tools, using only the resident programs and processes on a system. Fraudsters determined that they could circumvent defense programs designed to analyze file structures by eliminating the need to open a malware file.

Businesses at High Risk of Fileless Attacks

Carbon Black polled 410 security researchers and came up with a variety of data about fileless, nonmalware attacks. For example, 64 percent of respondents said they had seen an increase in this type of attack since the beginning of 2016. Worse, two-thirds of respondents said they were not confident that their legacy antivirus solutions would be able to prevent these kinds of attacks. Furthermore, 47 percent of professionals reported a lack of visibility with their legacy solutions.

Researchers are categorizing these types of attacks as high-risk. Ninety-three percent of respondents said that nonmalware attacks would pose “more of a business risk than commodity malware attacks.”

Resident Security Tools

CSO Online categorized the kinds of nonfile attacks seen by researchers as remote logins (55 percent), Windows Management Instrumentation-based attacks (41 percent), in-memory attacks (39 percent), PowerShell-based attacks (34 percent) and attacks using Office macros (31 percent).

Researchers also tried to find out how enterprises were using security tools to combat this threat. The top responses included employee awareness training, turning to next-generation antivirus (NGAV), increased focus on patching and limiting or locking down personal device usage as needed.

Creating Defense Processes

There are, of course, effective ways to detect and fight this sort of attack. “Do more than just monitor files,” a researcher from Carbon Black suggested. “It is critical that processes are also monitored. If you look at the command line and see what PowerShell is being used for, if the context doesn’t make sense, then investigate. Moreover, if you look at the command line and see text that looks like it is unrecognizable or random instead of just English, that also is a red flag.”

Within the changing digital landscape, an attack is not just made up of files anymore; it can trick a system into maliciously turning against itself.

More from

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

2024 trends: Were they accurate?

4 min read - The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.Here are five trends that were often predicted for…

Ransomware attack on Rhode Island health system exposes data of hundreds of thousands

3 min read - Rhode Island is grappling with the fallout of a significant ransomware attack that has compromised the personal information of hundreds of thousands of residents enrolled in the state’s health and social services programs. Officials confirmed the attack on the RIBridges system—the state’s central platform for benefits like Medicaid and SNAP—after hackers infiltrated the system on December 5, planting malicious software and threatening to release sensitive data unless a ransom is paid. Governor Dan McKee, addressing the media, called the attack…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today