In the online world, a long-running attack standard is to have a program file serve as the main execution prompt. This malware file is the brains of the operation — imagine the scene of a henchman breaking into a basement window to gain entry.

But as the digital world evolves, different attack methods emerge. Some try to evade security tools, using only the resident programs and processes on a system. Fraudsters determined that they could circumvent defense programs designed to analyze file structures by eliminating the need to open a malware file.

Businesses at High Risk of Fileless Attacks

Carbon Black polled 410 security researchers and came up with a variety of data about fileless, nonmalware attacks. For example, 64 percent of respondents said they had seen an increase in this type of attack since the beginning of 2016. Worse, two-thirds of respondents said they were not confident that their legacy antivirus solutions would be able to prevent these kinds of attacks. Furthermore, 47 percent of professionals reported a lack of visibility with their legacy solutions.

Researchers are categorizing these types of attacks as high-risk. Ninety-three percent of respondents said that nonmalware attacks would pose “more of a business risk than commodity malware attacks.”

Resident Security Tools

CSO Online categorized the kinds of nonfile attacks seen by researchers as remote logins (55 percent), Windows Management Instrumentation-based attacks (41 percent), in-memory attacks (39 percent), PowerShell-based attacks (34 percent) and attacks using Office macros (31 percent).

Researchers also tried to find out how enterprises were using security tools to combat this threat. The top responses included employee awareness training, turning to next-generation antivirus (NGAV), increased focus on patching and limiting or locking down personal device usage as needed.

Creating Defense Processes

There are, of course, effective ways to detect and fight this sort of attack. “Do more than just monitor files,” a researcher from Carbon Black suggested. “It is critical that processes are also monitored. If you look at the command line and see what PowerShell is being used for, if the context doesn’t make sense, then investigate. Moreover, if you look at the command line and see text that looks like it is unrecognizable or random instead of just English, that also is a red flag.”

Within the changing digital landscape, an attack is not just made up of files anymore; it can trick a system into maliciously turning against itself.

More from

Increasingly Sophisticated Cyberattacks Target Healthcare

4 min read - It’s rare to see 100% agreement on a survey. But Porter Research found consensus from business leaders across the provider, payer and pharmaceutical/life sciences industries. Every single person agreed that “growing hacker sophistication” is the primary driver behind the increase in ransomware attacks. In response to the findings, the American Hospital Association told Porter Research, “Not only are cyber criminals more organized than they were in the past, but they are often more skilled and sophisticated.” Although not unanimous, the…

4 min read

Ransomware Renaissance 2023: The Definitive Guide to Stay Safer

2 min read - Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis. Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to complete more attacks, faster. Over the last…

2 min read

Machine Learning Applications in the Cybersecurity Space

3 min read - Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques. Machine learning techniques extract information from vast amounts of data and transform it into valuable business knowledge. While most industries use these techniques, they are especially prominent in the finance, marketing, healthcare, retail and cybersecurity sectors. Machine learning can also address new cyber threats. There…

3 min read

HHS Releases Hospital Cyber Resiliency Landscape Analysis

4 min read - On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of its Hospital Cyber Resiliency Initiative Landscape Analysis. This landmark analysis reports on domestic hospitals’ current state of cybersecurity preparedness. The scope of the HHS study was limited to activities that protect access to patient care and safety and reduce the negative impact of cyber threats on clinical operations. Breaches of sensitive data were considered only if the breach had a direct…

4 min read