Share Tweet Share





While security leaders search for more innovative ways to defend against threats, attackers are working just as hard to craft more sophisticated malware. One study found that 98% of malware was coded with at least one evasive tactic. And 32% were classified as “hyper-evasive,” meaning the malware contained six or more layered, evasive techniques.

Fileless malware is one of the most common forms of these evasive threats, accounting for 35% of all cyber attacks in 2018. According to McAfee, “Fileless malware is a type of malicious software that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect and remove.”

Much like traditional viruses, fileless malware operates in memory. These attacks are executed through trusted programs like Windows PowerShell, which gives your adversaries access to a command-line shell and scripting language that control almost everything in the Windows operating system. Because fileless malware has no signature or permanent presence in storage, attackers can evade frontline cybersecurity defenses as well as many forensic analysis tools.

But these types of attacks are nothing new. Back in 2017, fileless malware leveraging Microsoft PowerShell increased by 432%. And that growth is expected to continue: Analysts predict fileless malware will account for 38% of all attacks in 2019.

Defending against fileless malware isn’t going to get any easier. Already, cybercriminals are starting to find unique ways to combine fileless malware with other types of threats to launch multi-staged attacks. But all hope is not lost. Even as attackers become more sophisticated and fileless malware grows, you can protect your business with the right strategy and tools.

How to Protect Yourself Against Fileless Malware

Traditional antivirus and antimalware solutions were designed to scan files and signatures to identify and block malicious code before it compromises your systems. Investing in more of these traditional, signature-based tools won’t help you detect and defend against fileless malware. Instead, you need a multi-layered approach that goes beyond traditional threat detection to provide comprehensive endpoint protection.

Any multilayered approach to cybersecurity should consist of the following 7 key components.

1. Employee Education

Your employees are the frontline of your cyber defenses. Even the most advanced cybersecurity tools can prove ineffective if employees inadvertently give attackers access to your network. Cybersecurity training raises workforce awareness of warning signs of suspicious activity. Minimizing instances of human error across your workforce makes it more difficult for attackers to find a foothold, even if they’re using fileless malware. Turn your employees into vigilant proponents of cybersecurity so that even if fileless malware bypasses security tools, you’ll be alerted to behavioral anomalies.

2. Patches and Updates

While it’s true that attackers are becoming more sophisticated, it’s important not to give them more credit than they deserve. The reality is that attackers capitalize on low-hanging fruit in the form of unpatched vulnerabilities across your business. Studies show that the average company takes 38 days to patch a vulnerability. That’s more than enough time for attackers to launch a fileless malware attack that’s purpose-built for your vulnerable systems. Keeping your software up to date (especially vulnerable Microsoft applications like PowerShell) is essential to protecting your business against fileless malware.

3. Disable Unnecessary System Admin Tools

Fileless malware aims to compromise system admin tools, giving attackers free reign to exfiltrate invaluable data. In late 2018, an attack was identified that used a combination of the Windows Management Interface Command (WMIC) and CertUtil to install information-stealing malware. The system admin activity looked legitimate, but led to significant losses. Part of your multilayered approach to cybersecurity should be to limit use of system admin tools as much as possible. Continuously evaluate workflows and application usage to spot instances where a system admin tool is enabled, but inactive.

4. Strict Access Controls

Fileless malware targets legitimate system admin tools because they’re essential to your business. You can’t disable them all, so you need strict access controls in place to limit the availability of credentials which attackers can compromise to successfully attack your network.

To implement access controls across your business, you need:

Advanced antivirus solutions and strict firewall configurations

Two-step verification for all users

Application controls that prevent browsers and apps from spawning script interpreters like PowerShell, WMIC, and Java

Zero trust policies that limit user access and privileges to only what is necessary

Whitelisting of approved applications to improve usability.

5. Secure Browsing

In the past, site categorization was enough to keep your network safe. You could create a list of known malicious websites and ensure that employees never visited them on your network. But now, fileless malware and malicious code can infiltrate even your whitelisted sites. Your multilayered approach to cybersecurity should take concrete steps to secure browser activity.

Remote browser isolation is the means to that end. These solutions stop malicious code from infiltrating endpoint browsers without blocking access to URLs that haven’t been whitelisted. Balance security with employee experience while ensuring that malicious activity is blocked — all without interrupting workflows.

6. Phishing Protection

One advantage of implementing a formal cybersecurity training and awareness program is that it helps defend against phishing attacks. All it takes is for one employee to click on a malicious link in an email for fileless malware to infect your network. Because email is the most common way for attackers to launch phishing campaigns, you should supplement awareness training with email and spam gateways that provide an extra layer of protection against malicious activity.

Up to 4% of individuals click on phishing emails, even after going through training. And email gateways are likewise not fail-safe. So be sure to supplement email gateways and training programs with a remote browser isolation solution that can block suspected phishing sites or provides a read-only option to blocks users from entering credentials.

7. Continuous Monitoring

Traditionally, cybersecurity monitoring meant analyzing files as they came through your network and determining whether or not they contained malicious code. Now that fileless malware has become widespread, you need to identify malicious activity and scripts according to specific programs rather than files. Continuously collecting and analyzing data to spot malicious activity will give you a foundation for your multilayered security strategy and keep fileless malware from gaining a foothold in your network.

Endpoint protection is key to defending against advanced attacks

Fileless malware is just one type of the evasive threats that are putting pressure on traditional cybersecurity tools. Maintaining the cybersecurity status quo won’t keep you safe against these increasingly advanced attacks. As you create your own multilayer security strategy, shift your focus from defending the network perimeter to endpoint protection. The elements of multilayered approaches enumerated above all roll into a comprehensive endpoint security strategy that blocks threats before they reach the core of your network and gain access to invaluable data.

Don’t let advanced attackers get the better of you. Take the opportunity to update your strategy and stay ahead of sophisticated threats.

