We are used to malware that is written to a hard drive and then starts its activity, but a newer tendency cannot be disregarded. The cyber world now faces an even more frightening threat: file-less malware that resides in a device’s memory instead of on its hard drive. This means that no malicious executable is required for the attack to take place. While file-based malware is relatively easy to detect, file-less infections are much harder to spot. Even powerful anti-virus tools might be deceived, as the hard drive will show no sign of malicious activity. As it turned out, the use of file-less strategies increased by more than 30% in 2016. As traditional malware might increasingly be replaced by the new variant, security researchers are forced to look for ways to deal with the situation at hand.
How does a file-less attack work?
File-less infections break the conventional rules. They do not place executables on the device but take advantage of software that is already present on it. If a user runs outdated applications that are weakened by vulnerabilities and flaws, a memory-based attack can be initiated. Since no files are placed on the computer, security tools have very little chance of detecting the infection. Much more effort is needed to spot a file-less virus in RAM. Such attacks can also obtain control over operating system tools such as WMI (Windows Management Instrumentation).
Research by Kaspersky Lab indicates that file-less attacks are not new to the company, which has already had to deal with such infections. According to Kaspersky, for now it knows most about infections aimed at governmental institutions or banking facilities. It seems that a memory-based attack is handy when it comes to affecting banks. Kaspersky indicated that a number of its clients were discovered to be victims of the novel infection. About 150 separate facilities were determined to have already experienced file-less malware. The biggest number of attacks occurred in the USA, France, Ecuador and Kenya.
How can file-less infections be avoided?
Since anti-virus tools might be unable to help you once a file-less attack has invaded your system, it is best to prevent it from happening. Always try to update your software applications to the latest version. Vulnerabilities are detected daily, so make sure that the programs you run have not been discovered to be flawed. Set limits for system administrative tools like PowerShell. Also, a new branch of security tools is being developed to fight memory-based infections. As this year might be the time when file-less attacks really begin to thrive, you should consider the security measures we have listed.
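One way to check how far PowerShell is actually limited on a Windows machine is a read-only audit like the one below. It is an added example, not part of the original article, and the choice of settings to inspect (language mode, execution policy and the PowerShell logging policies) is this example's assumption, as are the helper names Get-PolicyValue and New-Finding.

```powershell
# Added example: read-only audit of PowerShell restrictions and logging on this host.
# Which settings to check is this example's assumption; the article names none.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Get-PolicyValue {
    param([string]$SubKey, [string]$Name)
    # Returns the policy value, or nothing when the key or value is absent.
    $path = Join-Path -Path $policyRoot -ChildPath $SubKey
    $prop = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $prop) { $prop.$Name }
}

function New-Finding {
    param([string]$Check, [string]$Value, [bool]$Ok)
    [pscustomobject]@{ Check = $Check; Value = $Value; Ok = $Ok }
}

$findings = @()

# Language mode of the current session. ConstrainedLanguage is normally
# enforced through an application control policy (AppLocker or WDAC).
$mode = "$($ExecutionContext.SessionState.LanguageMode)"
$findings += New-Finding 'Language mode' $mode ($mode -ne 'FullLanguage')

# Effective execution policy. It is a safety feature rather than a security
# boundary, but Unrestricted or Bypass shows that nothing is being limited.
$policy = "$(Get-ExecutionPolicy)"
$findings += New-Finding 'Execution policy' $policy ($policy -notin 'Unrestricted', 'Bypass')

# Logging policies: memory-only activity leaves no file to scan, so these
# logs are often the only record of what a script actually ran.
$logChecks = @(
    @{ Check = 'Script block logging'; SubKey = 'ScriptBlockLogging'; Name = 'EnableScriptBlockLogging' },
    @{ Check = 'Module logging';       SubKey = 'ModuleLogging';      Name = 'EnableModuleLogging' },
    @{ Check = 'Transcription';        SubKey = 'Transcription';      Name = 'EnableTranscripting' }
)
foreach ($c in $logChecks) {
    $v = Get-PolicyValue -SubKey $c.SubKey -Name $c.Name
    $shown = if ($null -eq $v) { 'not configured' } else { "$v" }
    $findings += New-Finding $c.Check $shown ($v -eq 1)
}

$findings | Format-Table -AutoSize
```

The script changes nothing on the machine; a row with Ok set to False marks a setting that is left at its unrestricted or unlogged default.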
Source: sputniknews.com.