Multiple reports from leading cybersecurity research firms and endpoint security solution providers have sounded the alarm on fileless attacks. Taken together, these reports can best be summarized as “fileless attacks are on the rise. Enterprises must take note.”
SentinelOne, an endpoint security vendor, recently released its Enterprise Risk Index Report for the first half of 2018. In this study, SentinelOne discovered that 70% of the executables previously unknown to reputation services were fileless attacks.
Carbon Black, another prominent endpoint protection platform provider, found that fileless malware accounted for over 50% of successful data breaches on financial businesses.
In a separate report, the distinguished Ponemon Institute found that fileless attacks made up 35% of all cyber-attacks in 2018. Furthermore, fileless attacks succeed 10 times more often than regular file-based malware, according to the research firm.
Information security nonprofit ISACA, in its “State of Cybersecurity 2018” report, found ransomware attacks decreasing but being replaced by a rise in fileless attacks.
A fileless attack uses native endpoint processes such as PowerShell to run its malicious code. Doing so negates the need to download a file and thus renders these attacks invisible to file-based or signature-based legacy antivirus solutions. In fact, the attack hides its exploitative programs in whitelisted processes.
To combat this wave of fileless attacks, the strongest tactic is to replace your enterprise’s legacy antivirus solution with a next-generation endpoint security solution that has the capabilities to detect fileless malware (i.e., EDR). Indeed, legacy antivirus solutions are inadequately prepared to protect your enterprise from the modern digital threat landscape.
Some experts recommend cutting off potential attack vectors by disabling the most common targets, such as PowerShell. However, other experts argue against such drastic measures, as they could result in serious productivity issues for your enterprise. For example, PowerShell is vital for critical business process automation.