Cyber-criminals are increasingly using “fileless” attacks in 2018 that leverage trusted Windows executables to invade systems and breach corporate networks, a new report has said.
“Fileless” attacks don’t drop malware on a victim’s system. Instead, they use tools already installed on computers or run simple scripts and shellcode in memory, often hidden in the Windows Registry.
According to global cyber security firm McAfee Labs, “fileless” attacks are growing in 2018 because they are launched through reputable executables (or from memory) and are hard to detect.
“One fileless threat, CactusTorch, uses the ‘DotNetToJScript’ technique which loads and executes malicious .NET assemblies straight from memory,” McAfee said in a statement.
“In 2018, we have seen rapid growth in the use of CactusTorch, which can execute custom shellcode on Windows systems,” it added.
Both consumers and corporate users can fall victim to this threat. In corporate environments, attackers use this vector to move laterally through the network.
In McAfee’s “Q2 Threat” report, many fileless malware campaigns were found to leverage Microsoft PowerShell to launch attacks in memory and create a backdoor into a system, surging 432 per cent over 2017.
“Fileless” malware takes advantage of the trust factor between security software and genuine, signed Windows applications.