What is a File-less Cyber Attack?

 

What does file-less mean?

Cyber criminals have typically delivered their malicious payloads (malware, key-loggers, cryptominers and other threats) as locally installed files. These files get into your network or local computer in a number of different ways: email, malicious Internet sites, malicious email links, malicious ads, and the list goes on.

In recent years, researchers have found that the preferred method of delivering malicious payloads is changing. Researchers with IBM’s X-Force found that in 2018 only 43% of the attacks they analyzed started with a locally installed file, while 57% utilized PowerShell scripts to execute their attack in memory, in other words file-less, without touching the computer’s file system (Nichols, 2019).

What does that mean for you?

The increase in memory-based attacks means that traditional detection methods don’t work. Older anti-virus solutions typically look for a file’s “signature” to detect potentially malicious software. With memory-based attacks there are no files, and thus the old methods of detection fail.
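The gap described above, as an added example that is not part of the original article: a hash-signature scan of files on disk comes back empty, while a check of PowerShell process command lines flags the in-memory run. The file names, events and indicator list are constructed assumptions, and the indicator list is not exhaustive.

```python
import base64
import hashlib
import re

# Signature set of the kind older anti-virus relies on (constructed sample).
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-malware-sample").hexdigest()}

# Assumed, non-exhaustive indicators of script text being run from memory.
IN_MEMORY = re.compile(r"\b(iex|invoke-expression)\b|downloadstring|frombase64string", re.I)

def signature_scan(files):
    """Flag files on disk whose SHA-256 is in the signature set."""
    return [name for name, data in files.items()
            if hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256]

def decode_encoded_command(cmdline):
    """Return the -EncodedCommand script (base64 of UTF-16LE), or None; -e/-enc/-ec match too."""
    tokens = cmdline.split()
    for flag, value in zip(tokens, tokens[1:]):
        name = flag.lstrip("-/").lower()
        if flag[0] in "-/" and name and (name == "ec" or "encodedcommand".startswith(name)):
            try:
                return base64.b64decode(value, validate=True).decode("utf-16-le")
            except ValueError:  # invalid base64 or invalid UTF-16
                return None
    return None

def behaviour_scan(events):
    """Return PIDs of PowerShell launches whose command line or decoded script matches."""
    hits = []
    for ev in events:
        if "powershell" not in ev["image"].lower():
            continue
        script = decode_encoded_command(ev["cmdline"]) or ""
        if IN_MEMORY.search(ev["cmdline"]) or IN_MEMORY.search(script):
            hits.append(ev["pid"])
    return hits

# Constructed sample data: nothing malicious is ever written to disk.
DISK_FILES = {"report.docx": b"constructed benign document"}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
ENCODED = base64.b64encode("Invoke-Expression $constructedScriptText".encode("utf-16-le")).decode()
EVENTS = [
    {"pid": 4100, "image": PS, "cmdline": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"pid": 4242, "image": PS, "cmdline": "powershell.exe -NoProfile -enc " + ENCODED},
]

if __name__ == "__main__":
    print(signature_scan(DISK_FILES), behaviour_scan(EVENTS))  # [] [4242]
```

In practice the events would come from process-creation or PowerShell script-block logging rather than an inline list.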

As the number of file-less attacks continues to increase, you need to ensure that your method of protection against these attacks is still effective. Your local IT Managed Service Provider can provide you with access to new AI-based endpoint protection that works against a wide range of attacks, specifically file-less ones, to keep your organization safe. If you are unsure whether you are protected from today’s newest threats, ask a professional. Don’t leave your business vulnerable; find out today.

 

Nichols, S. (2019, Feb). Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints. The Register. Retrieved Feb 2019, from https://www.theregister.co.uk/2019/02/26/malware_ibm_powershell/