Fileless malware is becoming a mainstream form of cybercrime and it can be pretty scary. Fileless malware is almost impossible to detect because it hides in isolated spots in a computer’s memory, meaning it doesn’t rely on hard drive files to work. Since it doesn't create files, it is very difficult to find, which means that hackers can infiltrate your computer in secrecy and steal your information.
2. Can't Be Detected By Typical Anti-Malware Software
Two weeks ago, Kaspersky Labs found fileless malware in the networks of over 140 banks and other organizations. The banks are located in 40 countries, with the majority of them being in the United States, France, Ecuador, Kenya and the U.K. In the United States, there were 21 attacks on enterprises.
Kaspersky Labs may not have found the malware if it weren’t for an unnamed bank that found it operating in the memory of one of its domain controllers. A domain controller is a server on a Windows network that deals with security authentication requests.
The attackers used the information they got from the domain controller to move deeper into the network. They retrieved admin passwords and credentials, and were eventually able to withdraw money from ATMs and customer accounts.
The 2014 cyber-attack on Target is now thought to be due in part to fileless malware. Hackers initially gained access to the system by stealing a username and password from Fazio Mechanical Services, a company that provides HVAC and refrigeration systems to large chain stores.
Gartner security analyst Avivah Litan suggested several things companies can do to make themselves less vulnerable to fileless malware. For example, she suggested companies invest in products that protect against in-memory attacks. Symantec and McAfee are just a couple of the anti-malware vendors that are adding in-memory protection. She also suggested limiting the use of Windows PowerShell to just some endpoint computers.
Fileless malware may soon morph into fileless ransomware. Ransomware locks your computer until a certain amount of money is paid. Ransomware is becoming more popular, along with fileless malware, so it seems like there is an inevitable marriage of the two viruses in the future.