There’s an old expression: if it looks like a duck, walks like a duck, and quacks like a duck, then it must be a duck.
What happens, though, if the duck in question is malware that doesn’t behave like typical malware? Namely, it doesn’t drop a file on your disk to infect your computer, hijack system processes, or steal your data, but can do these things without landing—even lock your system (as with ransomware) in mid-air, if you will. It’s therefore, a kind of non-malware malware, otherwise known as a fileless attack. How do you protect yourself from something that doesn’t look, walk, or quack like a malware duck—and yet, is a kind of predatory bird you don’t want flying around in the secret spaces of your computer?
Read on if you’re a hunter of such birds. A big ounce of prevention (in the form of precautions) and a virtual pound of cure (in the form of Trend Micro Security) can help protect you from fileless malware.
Stealthy Threats in Plain Sight
Fileless threats have been around for years, though lately, such threats are on the rise precisely because fileless attacks are more stealthy and subtle than malware executables dropped on your disk, which can be more readily caught by traditional antivirus software. Fileless malware is “very resistant to [antivirus] forensic strategies that incorporate file-based whitelisting, signature detection, hardware verification, pattern-analysis, [and] time-stamping, etc.,” because it does not write itself to disk (Wikipedia). 29% of attacks faced in 2017 were of the fileless kind, according to a study conducted by the Ponemon Institute, The 2017 State of Endpoint Security Risk), up from 20% the year before; while this year it projects that 35% of all attacks will be fileless by year’s end. Trend Micro has also noted this alarming trend in its 2018 Midyear Security Roundup, with 24,430 fileless attacks detected in January 2018 rising to 38,189 fileless events by June. Fileless attacks may be stealthy and subtle, but there’s nothing subtle about these rising numbers.
So what, exactly, is a fileless attack? It usually starts in a familiar way, with a web popup that instructs you to “update” a piece of software (like your Flash Player), so that it “runs properly;” or with a spam or phishing message, which entices you to click on a malicious link, which starts the infection process; or to open what seem to be normal files and are anything but. When you do so, the action injects malicious code into your system.
The upshot is that fileless attacks can persist undetected in memory or in your system, completely ignored by traditional antivirus programs applying their solutions to malicious files that land on your disk—and your sensitive data is compromised or stolen, pilfered by the cybercriminal, or your computer is locked, as with ransomware. Meanwhile, once established, a network channel may be opened up to the hacker’s command-and-control center for further exploits of your system.
A Big Ounce of Prevention
So what can you do to guard against fileless attacks?
A Virtual Pound of Cure
For the last precaution, you should install and use Trend Micro Security, which actually has a low impact on the performance of your system, while providing a “virtual pound” of cure. Its behavior monitoring, active script analysis, exploit shield, and real-time memory and registry scan enhancements can detect and block the following fileless threats:
Note that legacy systems (such as Windows 2000, XP, and soon Windows 7) are most vulnerable to fileless assaults, reinforcing the brutal fact that old-style, signature-based antivirus engineered to detect malicious files cannot fully protect your system. You need state-of-the-art, multi-layer antivirus that can address these fileless threats. With Trend Micro Security fileless threats have nowhere to hide.