[News] [Part 2] Fileless Malware: A Hidden Threat To Our Systems!

2018-03-12 11:27:41

Hi, Mi Fans! How are you all?

Friends, in the previous thread, I explained what fileless malware is and how it works. In case you missed it, click here to read my previous thread so you can understand this one even better! Friends, we hear a lot about how cyber security is gaining strength and how new technology is at its peak, so why do cyber attacks like ransomware still happen? It's because criminals adapt to keep pace, in the same way that organizations adapt. With a veritable renaissance in technology use under way, criminals have been advancing their methods of attack just as organizations have been advancing their methods for conducting business.

One of the more recent developments in attacker tradecraft is so-called "fileless malware." This trend, which emerged a few years ago but gained significant prominence in late 2016 and throughout 2017, refers to malware that is specifically designed and architected so that it does not require, or in fact interact with at all, the filesystem of the host on which it runs. There's no denying that fileless malware is a sneaky critter, but the good news is that there are a number of things you can do as a user to minimize the risk of infection. Let's learn about them in detail.

Prevention Strategies:

Keeping Your Apps And Operating System Up To Date:
  • One of the most effective ways to keep your system safe from malware is to simply keep all your software up to date with the latest security patches. As many as 85 percent of all targeted attacks can be prevented by simply applying the latest software patches.

  • For the ultimate peace of mind, ensure auto updates are enabled in the settings of your applications.

  • Most users disregard software updates because of preconceived notions such as:
      - It will take up more of my computer's memory
      - It might make my computer run slower
      - It may cause compatibility issues with my operating system or other apps

But we're not in the '90s anymore. Security updates are crucial for your security! Keeping your apps and OS updated at all times can rule out as many as 85% of targeted attacks (cyber attacks that target a specific vulnerability on your PC).

Disable PowerShell:
Windows PowerShell is a native Microsoft tool used for task automation and configuration management. Unfortunately, fileless malware often exploits certain vulnerabilities in PowerShell. If you don’t need to use PowerShell (and most home users probably don’t), use the following steps to disable it:

  • Press the Windows key.
  • Type “Control Panel”
  • Open Control Panel
  • Click Programs
  • Click Turn Windows features on or off
  • Scroll down to Windows PowerShell and untick
  • Click OK.
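The same steps as a script, as an added example that is not part of the original thread: it reads the feature state, disables the feature only if it is enabled, and reads the state again to confirm. It assumes an elevated session and that the entry in the dialog is the Windows PowerShell 2.0 engine, whose optional-feature name is MicrosoftWindowsPowerShellV2Root; the current PowerShell engine is not removed by this checkbox.

```powershell
# Added example (not from the original thread): scripted equivalent of the
# "Turn Windows features on or off" steps above, with a check before and after.
# Assumption: the dialog entry is the PowerShell 2.0 engine, feature name below.
# Run from an elevated (Administrator) session.
$FeatureName = 'MicrosoftWindowsPowerShellV2Root'

$before = Get-WindowsOptionalFeature -Online -FeatureName $FeatureName
"Before: $($before.FeatureName) is $($before.State)"

if ($before.State -eq 'Enabled') {
    # -NoRestart so the change can be batched with other maintenance
    Disable-WindowsOptionalFeature -Online -FeatureName $FeatureName -NoRestart | Out-Null
}

# Re-read the state so the change is verified rather than assumed
$after = Get-WindowsOptionalFeature -Online -FeatureName $FeatureName
"After:  $($after.FeatureName) is $($after.State)"
```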

Monitor Traffic Logs For Suspicious Traffic:
  • Both fileless and conventional malware leave clues as to their existence, most commonly in the form of changes to your network's traffic. If you notice network activity that is substantially different from the status quo, you may have been infected. There are many tools you can use to do this, including the native Windows Firewall. Search on Google for step-by-step instructions on using Windows Firewall logs to track network traffic and identify suspicious behavior.
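One way to turn the Windows Firewall log into the "different from the status quo" check described above, as an added example that is not part of the original thread: it parses lines in the pfirewall.log W3C layout and lists outbound destinations that are not in a baseline of known-good hosts. The log lines, the addresses and the baseline are constructed for the example; the column names are read from the file's own #Fields header.

```powershell
# Added example, not from the original thread: parse Windows Firewall log lines
# (pfirewall.log, W3C layout) and flag outbound destinations absent from a baseline.
# Allowed connections only appear in the log if "Log successful connections" is on.
function ConvertFrom-FirewallLog {
    param([string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {            # column names come from the file itself
            $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        if ($line -match '^\s*(#|$)' -or -not $fields) { continue }   # other headers, blanks
        $values = $line.Trim() -split '\s+'
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        [pscustomobject]$row
    }
}

function Get-UnusualOutbound {
    param([string[]]$Lines, [string[]]$Baseline)
    ConvertFrom-FirewallLog $Lines |
        Where-Object { $_.path -eq 'SEND' -and $_.action -eq 'ALLOW' } |   # outbound, allowed
        Group-Object 'dst-ip' |
        Where-Object { $Baseline -notcontains $_.Name } |                # not seen before
        ForEach-Object {
            [pscustomobject]@{
                Destination = $_.Name
                Connections = $_.Count
                Ports       = ($_.Group.'dst-port' | Sort-Object -Unique) -join ','
            }
        }
}

# Constructed sample log (documentation-range addresses), shaped like a real pfirewall.log
$SampleLog = @'
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2018-03-12 11:20:01 ALLOW UDP 192.168.1.20 192.168.1.1 51000 53 - - - - - - - - SEND
2018-03-12 11:20:02 ALLOW TCP 192.168.1.20 203.0.113.10 51001 443 - - - - - - - - SEND
2018-03-12 11:20:03 ALLOW TCP 192.168.1.20 198.51.100.77 51002 8443 - - - - - - - - SEND
2018-03-12 11:20:04 ALLOW TCP 192.168.1.20 198.51.100.77 51003 8443 - - - - - - - - SEND
2018-03-12 11:20:05 DROP TCP 192.168.1.20 198.51.100.77 51004 4444 - - - - - - - - SEND
2018-03-12 11:20:06 ALLOW TCP 203.0.113.10 192.168.1.20 443 51001 - - - - - - - - RECEIVE
'@
$KnownGood = '192.168.1.1', '203.0.113.10'   # constructed baseline: router and one known web host

# Dropped attempts and inbound (RECEIVE) rows are excluded before grouping
Get-UnusualOutbound -Lines ($SampleLog -split "`r?`n") -Baseline $KnownGood | Format-Table -AutoSize
```

On a real machine, replace $SampleLog with `Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"` and build $KnownGood from a quiet period you trust.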

Use An Antivirus With Behavioral Detection:
  • Detecting fileless malware can be a challenging task for some antivirus products that focus exclusively on file properties. With this in mind, it’s important to choose antivirus software that can analyze your system’s behavior and pinpoint suspicious activity. By recognizing changes to the system’s usual patterns of behavior, these security solutions can identify malicious activity and promptly block and remove the threat.

Adopt The Principle Of Least Privilege:
  • A cornerstone of IT security: ensure that every user on the system has the lowest clearance needed to perform their task. This helps keep the damage to a minimum should a piece of fileless malware happen to slip past your computer's defenses.

Blocking The Pages Hosting The Exploit Kit:
  • The infection starts when you end up on an infected website that hosts an exploit kit. But if you use a proactive security product, it can block the page as soon as you reach it, so the exploit kit can never reach the applications on your computer, for example, the browser. How?

  • By knowing that this compromised website is generated by, or connects to, cyber criminal infrastructure. Attackers invest a lot in their infrastructure and rarely change it (because doing so takes time and a lot of money). So this detection technique can be invaluable for your online security.

Blocking The Payload Delivery:
  • Once an exploit kit has identified a vulnerability in your system, it will connect to Command & Control servers to download the payload and place it in your RAM. But if you're adequately protected and your security suite knows that the exploit kit is trying to connect to malicious servers, it will stop the payload download. Once again, the fileless infection is blocked before it happens. Not even ransomware can get through!

Blocking The Communication Between Your PC And The Attackers’ Servers:
  • Let's say the payload does end up on your system via a Zero Day vulnerability (a flaw in software for which no update exists, because the software maker doesn't know about it). The next layer of protection ensured by a proactive security product is to block the communication between your computer and the servers controlled by cyber criminals.
  • By doing this, the attackers won’t be able to retrieve the data collected from your PC, so data exfiltration attempts will be futile. Moreover, cyber criminals won’t be able to infect your system with additional malware.

So, Friends, as using a computer has become essential to our lives, we strongly believe that cyber security will too. Not because we're part of this industry, but because technology is increasingly complex and errors, in the form of vulnerabilities, are unavoidable. Those who gain online security literacy will have the upper hand when it comes to keeping their devices safe and protecting their data, which is increasingly stored and managed online. It is not rocket science. The steps to avoid such threats are very easy, and anyone can learn and follow them. You can do it too! And the fact that you have read this thread all the way through is proof!

I would love to know your thoughts on this topic so don't forget to comment in the comment box below. See you soon with one more interesting topic. Till then, take care and stay safe!

Sources: 1, 2



Techie Team

meetgour | from Redmi Y1


Nice Thread! Thanks for sharing!!
2018-03-12 11:32:30

Super moderator

Furqaan | from Redmi Note 5 Pro


Informative article!!
2018-03-12 11:55:31

Techie Team

Subhash_Deshmukh | from Redmi Note 4


Well Explained!...
2018-03-12 12:14:39

Techie Team

Sam_crazy Author | from Redmi Note 4


Thank you brothers :)
2018-03-12 12:40:42

Advanced Bunny

smshafeek | from Redmi 4


good information well informed
2018-03-12 13:01:15

Master Bunny

lodayakamlesh | from MI 5


Thanks for sharing..
2018-03-12 13:40:26

Semi Pro Bunny

1678601305 | from Redmi 4A


thanks for sharing
2018-03-12 14:02:20

Pro Bunny

Vicnfsmw | from Redmi Note 5 Pro


Good info.
2018-03-12 14:02:39

Semi Pro Bunny

shampy397 | from Redmi Note 5 Pro


yes very good
2018-03-12 14:11:30

Semi Pro Bunny

Sabby123 | from Mi A1


thanks for sharing
2018-03-12 18:22:16
Copyright©2016-2018, All Rights Reserved