[News] [Part 1] Fileless Malware: A Hidden Threat to Our Systems!

2018-03-10 04:34:21

Hi Mi Fans! I hope you are well and good!

Friends, we have all heard about ransomware in the past few months. Ransomware may have claimed the lion's share of media headlines in 2017, but there is another type of attack that has become increasingly common: fileless malware. According to the statistics in the sources below, malware is advancing at an unprecedented rate, with four new strains discovered every minute, and the share of attacks that were fileless rose from three percent at the beginning of 2016 to 13 percent by November 2016. That is already a lot for businesses to worry about, and it does not even cover the threats that have not been detected yet.

Many attackers have refined their techniques to evade common security products, so that they can do more damage to an infected machine and walk away with more data, but fileless malware is an even greater risk for companies. It is increasingly used to bypass traditional file-scanning technology and to sit undetected on infected machines. This kind of strain may not get as much coverage as flashier ones, but it is a hidden threat that businesses should take seriously. Let's look in depth at what it is and how it works.

What Is Fileless Malware?
  • Fileless malware goes by many names, including 'non-malware', 'memory-based malware' and 'living off the land' attacks. Whatever you choose to call it, fileless malware refers to a type of cyberattack that infects a system without leaving a malicious executable file on disk. It is not fileless in the sense that no files are involved at all; rather, the term means that, unlike conventional malware, a fileless attack delivers its payload without dropping anything a file scanner would recognise onto the machine's hard drive.

  • A fileless infection is one of several techniques that take advantage of weaknesses in legitimate processes, for example making the browser run malicious code, abusing Microsoft Word macros or abusing Microsoft's PowerShell utility, but it is specifically designed to fly under the radar. The payload is loaded straight into the computer's RAM, often by a carefully crafted PowerShell script. According to TechRepublic contributor Jesus Vigo, once access is gained, PowerShell executes a hidden command against the system, which varies with the attacker's intentions and how long the breach is meant to last.
  • In short, fileless malware lets cybercriminals skip steps that conventional attacks need, such as building a malware payload to drop onto users' systems. Instead, attackers abuse trusted programs that ship with the operating system, above all PowerShell and WMI, to run their code in memory, and they use web browsers and Office applications as the way in.

  • McAfee is also reporting an increase in fileless attacks. Macro malware, which accounts for a significant share of fileless malware, grew from 400,000 samples at the end of 2015 to over 1.1 million by the second quarter covered in its report. One reason for the growth is the emergence of easy-to-use toolkits that include these techniques; as a result, fileless attacks, which were previously mostly limited to nation states and other advanced adversaries, have been democratised and are now common in ordinary criminal campaigns as well.

So, if fileless malware isn’t stored on your hard drive, where does it live?

1. In your RAM:
  • Random access memory (RAM) is the computer's working storage: it holds data only while the machine is running. Some strains of fileless malware live entirely in RAM, never touching the hard drive at all. On its own this type of fileless malware is relatively rare, because it survives only until you restart the computer, which clears the RAM completely, so attackers who want to stay need some other way to come back.

2. In the Windows Registry:
  • With that shortcoming of RAM-only malware in mind, cybercriminals developed fileless malware that persists in the Windows Registry. The Registry is an enormous database that stores low-level settings for the Windows operating system and for every application that uses it. Kovter and Poweliks are two well-known examples that use the Registry to infect users without leaving an incriminating executable on disk. In most cases the malware relies on native Windows tools such as PowerShell and Windows Management Instrumentation (WMI): an autostart entry launches a built-in script host, which reads an encoded script from another registry value and decodes and runs it in memory. The registry hive itself is of course a file on disk, but a conventional signature scanner does not look inside it for a malicious program, and that is the point of the technique.
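What such a registry-resident loader looks like from the defender's side, as an added example that is not from the original post: the script below triages the values of a Windows Run key for the loader pattern just described, a built-in script host started with hidden-window switches and a base64 `-EncodedCommand` that, once decoded from UTF-16LE, reads its real stage out of another registry value. It works over a constructed `reg export`-style dump embedded in the file; on a Windows host the same triage can be fed the live HKCU/HKLM Run keys through `collect_live_run_entries()`. The sample entries, the value names and the `HKCU:\Software\Foo` path are all constructed for the example.

```python
"""Triage Windows Run-key autostart values for fileless-style launchers.

Added example; not code from the original post.  Works over a constructed
`reg export`-style dump (SAMPLE_REG_EXPORT); on a Windows host the same
triage can be fed live data from collect_live_run_entries().
"""
from __future__ import annotations

import base64
import re

try:
    import winreg  # Windows only; not needed for the constructed sample
except ImportError:
    winreg = None

# Built-in script hosts / LOLBins typically used as the loader stage.
SCRIPT_HOSTS = {"powershell", "pwsh", "mshta", "wscript", "cscript",
                "rundll32", "regsvr32", "cmd"}

# PowerShell accepts any unambiguous prefix of -EncodedCommand; these are the
# spellings seen most often.  The argument is base64 of UTF-16LE text.
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{8,})")
HIDE_FLAGS = re.compile(r"(?i)-(?:w|windowstyle)\s+hidden|-nop\b|-noni\b|-noprofile\b")
REG_READ = re.compile(r"(?i)HK(?:CU|LM)[:\\]|Get-ItemProperty|GetValue|RegRead")
REG_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # "name"="string value"

# Constructed sample: a loader whose real stage sits in another registry value.
STAGE_LOADER = "IEX (Get-ItemProperty 'HKCU:\\Software\\Foo').blob"
_ENC = base64.b64encode(STAGE_LOADER.encode("utf-16-le")).decode()
SAMPLE_REG_EXPORT = rf'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="powershell.exe -nop -w hidden -enc {_ENC}"
"Helper"="mshta.exe javascript:close(new ActiveXObject('WScript.Shell').Run('powershell -w hidden'))"
'''


def _unescape(s: str) -> str:
    # Undo .reg string escaping: a backslash-backslash pair becomes one backslash, \" becomes "
    return re.sub(r"\\(.)", r"\1", s)


def launcher(cmdline: str) -> str:
    """Base name (no path, no .exe) of the program an autostart value runs."""
    first = cmdline.strip()
    if not first:
        return ""
    first = first[1:].split('"', 1)[0] if first.startswith('"') else first.split(None, 1)[0]
    name = first.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def decode_encoded_command(b64: str) -> str | None:
    """Decode a PowerShell -EncodedCommand argument; None if it is not one."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage_entry(name: str, cmdline: str) -> dict:
    """Score one autostart value; 'reasons' is empty for an unremarkable entry."""
    reasons = []
    host = launcher(cmdline)
    if host in SCRIPT_HOSTS:
        reasons.append(f"autostart runs script host '{host}' instead of an application")
    if HIDE_FLAGS.search(cmdline):
        reasons.append("hidden-window / no-profile switches")
    decoded = None
    m = ENC_FLAG.search(cmdline)
    if m:
        decoded = decode_encoded_command(m.group(1))
        reasons.append("base64 -EncodedCommand" + ("" if decoded else " (not valid UTF-16LE base64)"))
    if REG_READ.search(cmdline) or (decoded and REG_READ.search(decoded)):
        reasons.append("reads a further stage out of the registry")
    if not name.isascii() or not name.isprintable():
        reasons.append("value name has non-ASCII or non-printable characters (hides in regedit)")
    return {"name": name, "command": cmdline, "decoded": decoded, "reasons": reasons}


def triage_reg_export(text: str) -> list[dict]:
    """Parse the "name"="value" lines of a .reg dump and return only flagged entries."""
    findings = []
    for line in text.splitlines():
        m = REG_LINE.match(line.strip())
        if m:
            result = triage_entry(_unescape(m.group(1)), _unescape(m.group(2)))
            if result["reasons"]:
                findings.append(result)
    return findings


def collect_live_run_entries() -> list[tuple[str, str]]:
    """(name, command) pairs from the HKCU and HKLM Run keys; empty off Windows."""
    if winreg is None:
        return []
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    entries = []
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            with winreg.OpenKey(hive, path) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
                    name, value, _ = winreg.EnumValue(key, i)
                    entries.append((name, str(value)))
        except OSError:
            continue
    return entries


if __name__ == "__main__":
    live = [r for r in (triage_entry(n, v) for n, v in collect_live_run_entries()) if r["reasons"]]
    for f in triage_reg_export(SAMPLE_REG_EXPORT) + live:
        print(f"[!] {f['name']!r}: {f['command']}")
        if f["decoded"]:
            print(f"    decoded: {f['decoded']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

The OneDrive entry is left alone because it starts an ordinary application with no suspicious switches; the other two are reported, and for the PowerShell one the decoded command shows the second stage being pulled from a registry value, which is exactly the artefact a file-based scanner never sees.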

How Does It Work?
Here's a realistic scenario of how a fileless infection could compromise your computer:

  • You use Chrome with the Flash plugin installed. It could just as well be any other browser that supports this plugin or runs JavaScript.
  • Your Flash plugin is outdated because you haven't had time to install the updates.
  • You land on a website that hosts the Angler exploit kit.

  • The exploit kit probes your browser for vulnerabilities, finds one in the outdated Flash plugin and immediately runs its payload inside the memory of your Chrome process.
  • If, for example, the payload is a ransomware strain, it connects to the command-and-control servers run by the attackers and fetches an encryption key.
  • The last step is to encrypt the data on your PC, locking you out and demanding a hefty ransom to give you access again.

As you can see, the payload (the part of the malware that performs the malicious action) is injected directly into the process used for the exploitation and runs in your computer's RAM. To avoid detection by traditional antivirus products, attackers choose not to install a malware program on the disk, where it could be found by signature scanning.
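A detection that fits the scenario above, as an added example that is not from the original post: once the exploit has code running inside the browser, the usual next move is to start a built-in script host (PowerShell, mshta, cmd) from the exploited process, and that shows up in process-creation telemetry as an odd parent/child pair even though nothing is written to disk. The script walks a small set of constructed Sysmon-style events (Event ID 1 reduced to the four fields the rule needs; the process GUIDs, image paths and command lines are all made up for the example) and raises an alert for any script host whose ancestry, within a few hops, leads back to a browser, an Office application or the WMI provider host. The caveat a practitioner should keep in mind: a payload that stays entirely inside the exploited process, as in the scenario above, never creates a new process, so a rule like this must be paired with memory scanning or network telemetry.

```python
"""Hunt process-creation telemetry for script hosts spawned by exploited clients.

Added example; not code from the original post.  The events are constructed to
mimic Sysmon Event ID 1 reduced to the four fields the rule needs.
"""
from __future__ import annotations

# Programs that render untrusted content and are the usual exploitation target.
CLIENT_APPS = {"chrome", "firefox", "iexplore", "msedge", "winword", "excel",
               "powerpnt", "outlook", "acrord32"}
WMI_PROVIDER_HOST = "wmiprvse"  # parent of anything launched through WMI
# Built-in interpreters a fileless second stage is typically handed to.
SCRIPT_HOSTS = {"powershell", "pwsh", "cmd", "mshta", "wscript", "cscript",
                "rundll32", "regsvr32"}


def basename(image: str) -> str:
    """Lower-case file name without path or .exe, e.g. C:\\...\\WINWORD.EXE -> winword."""
    name = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def event(guid: str, parent_guid: str | None, image: str, cmdline: str) -> dict:
    return {"guid": guid, "parent_guid": parent_guid, "image": image, "cmdline": cmdline}


# Constructed sample: one exploited-browser chain, one WMI-launched shell, and
# two benign lineages (an interactive shell from Explorer, Word's print helper).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    event("E1", None, r"C:\Windows\explorer.exe", "explorer.exe"),
    event("E2", "E1", CHROME, "chrome.exe"),
    event("E3", "E2", CHROME, "chrome.exe --type=renderer"),
    event("E4", "E3", r"C:\Windows\System32\cmd.exe", "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"),
    event("E5", "E4", PS, "powershell -nop -w hidden -enc SQBFAFgA"),
    event("E6", "E1", r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    event("E7", "E6", r"C:\Windows\System32\wbem\WmiPrvSE.exe", "WmiPrvSE.exe"),
    event("E8", "E7", PS, "powershell -nop -w hidden -c Get-Date"),
    event("E9", "E1", PS, "powershell.exe"),
    event("E10", "E1", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "WINWORD.EXE /n"),
    event("E11", "E10", r"C:\Windows\splwow64.exe", "splwow64.exe 8192"),
]


def find_suspicious_lineage(events: list[dict], max_depth: int = 4) -> list[dict]:
    """Alert on every script host whose ancestry (up to max_depth hops) reaches a
    client application or the WMI provider host.  The depth limit keeps a shell
    the user opened long after a download from being tied to the browser."""
    by_guid = {e["guid"]: e for e in events}
    alerts = []
    for e in events:
        if basename(e["image"]) not in SCRIPT_HOSTS:
            continue
        chain, cur = [e], e
        for _ in range(max_depth):
            parent = by_guid.get(cur["parent_guid"])
            if parent is None:  # ancestor not in the telemetry (or it was the root)
                break
            chain.append(parent)
            pname = basename(parent["image"])
            if pname in CLIENT_APPS or pname == WMI_PROVIDER_HOST:
                alerts.append({
                    "guid": e["guid"],
                    "root": "client application" if pname in CLIENT_APPS else "WMI provider host",
                    "chain": " -> ".join(basename(x["image"]) for x in reversed(chain)),
                    "cmdline": e["cmdline"],
                })
                break
            cur = parent
    return alerts


if __name__ == "__main__":
    for a in find_suspicious_lineage(SAMPLE_EVENTS):
        print(f"[!] {a['guid']}: {a['root']} spawned a script host: {a['chain']}")
        print(f"    {a['cmdline']}")
```

On the sample this flags the `cmd` and the `powershell` under the Chrome renderer (the intermediate `cmd` does not hide the browser origin because the walk continues past it) and the PowerShell started by WmiPrvSE.exe, while the PowerShell the user opened from Explorer and Word's `splwow64.exe` helper stay quiet.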

So, friends, as using a computer has become essential to our lives, we strongly believe that cyber security will become essential too. Not because we are part of this industry, but because technology is increasingly complex and errors, in the form of vulnerabilities, are unavoidable. Those who gain online security literacy will have the upper hand when it comes to keeping their devices safe and protecting their data, which is increasingly stored and managed online.

It's a vast topic, so I can't cover it in one thread. Stay tuned for Part 2, in which I will discuss how to protect your systems from this kind of malware, the different protection strategies and ways to minimise or avoid malware infections, with some more points. Don't forget to comment in the comment box below so I know how much you liked this thread. See you soon with Part 2. Till then, take care!

Sources: 1, 2, 3

Techie Team

Sampath madurai | from Redmi Note 4


Nice, thanks for your information.
2018-03-10 04:40:59

Semi Pro Bunny

Rahulk200013 | from Redmi 4A


Loved it.
Waiting for part 2.
2018-03-10 06:59:59

Grandmaster Bunny

Ashoks | from Redmi 3S


Nice Thread
2018-03-10 07:29:52
Thanks for sharing.
2018-03-10 07:58:30

Pro Bunny

shampy397 | from Redmi Note 5 Pro


2018-03-10 08:33:15

Pro Bunny

Xee159 | from Redmi Note 4


Nice information
2018-03-10 09:15:54

Master Bunny

Saajan Palta | from Redmi Note 3


Nice Thread
2018-03-10 11:27:59

Advanced Bunny

nyc.sachin | from Redmi Note 5 Pro


Appreciable post... it's really full of awareness.
2018-03-10 11:32:22
Always try to be happy. Live and let live.
Care for animals.

Techie Team

Sam_crazy Author | from Redmi Note 4


Appreciable post... it's really full of awareness.

Thank you very much. It really motivates me to keep it up! :)
2018-03-10 11:36:36

Techie Team

meetgour | from Redmi Y1


Well Explained!!
2018-03-10 12:25:58


Copyright©2016-2018 Xiaomi.com, All Rights Reserved