{"id":14507,"date":"2019-02-06T07:00:02","date_gmt":"2019-02-06T15:00:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/02\/06\/news-8257\/"},"modified":"2019-02-06T07:00:02","modified_gmt":"2019-02-06T15:00:02","slug":"news-8257","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/02\/06\/news-8257\/","title":{"rendered":"The Fileless, Non-Malware Menace"},"content":{"rendered":"<p><strong>Credit to Author: Trend Micro| Date: Wed, 06 Feb 2019 14:00:16 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"169\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/01\/20180413003111987-230-EJUywuE-800-300x169.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/01\/20180413003111987-230-EJUywuE-800-300x169.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/01\/20180413003111987-230-EJUywuE-800-768x432.jpg 768w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/01\/20180413003111987-230-EJUywuE-800-640x360.jpg 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/01\/20180413003111987-230-EJUywuE-800-440x248.jpg 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/01\/20180413003111987-230-EJUywuE-800-380x214.jpg 380w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/01\/20180413003111987-230-EJUywuE-800.jpg 800w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>There\u2019s an old expression: if it looks like a duck, walks like a duck, and quacks like a duck, then it must be a duck.<\/p>\n<p>What happens, though, if the duck in question is malware that doesn\u2019t behave like typical malware? 
Namely, it doesn\u2019t drop a file on your disk to infect your computer, hijack system processes, or steal your data, but <em>can do these things without landing<\/em>\u2014even lock your system (as with ransomware) in mid-air, if you will. It\u2019s therefore a kind of <em>non-malware malware<\/em>, otherwise known as a <em>fileless attack<\/em>. How do you protect yourself from something that doesn\u2019t look, walk, or quack like a malware duck\u2014and yet is a kind of predatory bird you don\u2019t want flying around in the secret spaces of your computer?<\/p>\n<p>Read on if you\u2019re a hunter of such birds. A big ounce of prevention (in the form of precautions) and a virtual pound of cure (in the form of Trend Micro Security) can help protect you from fileless malware.<\/p>\n<h3><strong>Stealthy Threats in Plain Sight<\/strong><\/h3>\n<p>Fileless threats have been around for years, though lately such threats are on the rise precisely because fileless attacks are more stealthy and subtle than malware executables dropped on your disk, which can be more readily caught by traditional antivirus software. <a href=\"https:\/\/en.wikipedia.org\/wiki\/Fileless_malware\">Fileless malware<\/a> is \u201cvery resistant to [antivirus] forensic strategies that incorporate file-based whitelisting, signature detection, hardware verification, pattern-analysis, [and] time-stamping, etc.,\u201d because it does not write itself to disk (<em>Wikipedia<\/em>). 29% of attacks faced in 2017 were of the fileless kind, according to a study conducted by the Ponemon Institute (<em><a href=\"https:\/\/cdn2.hubspot.net\/hubfs\/468115\/Campaigns\/2017-Ponemon-Report\/2017-ponemon-report-key-findings.pdf\">The 2017 State of Endpoint Security Risk<\/a><\/em>), up from 20% the year before; for this year it projects that 35% of all attacks will be fileless by year\u2019s end. 
Trend Micro has also noted this alarming trend in its <em><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/research-and-analysis\/threat-reports\/roundup\/unseen-threats-imminent-losses\">2018 Midyear Security Roundup<\/a><\/em>, with 24,430 fileless attacks detected in January 2018 rising to 38,189 fileless events by June. Fileless attacks may be stealthy and subtle, but there\u2019s nothing subtle about these rising numbers.<\/p>\n<p>So what, exactly, <em>is<\/em> a fileless attack? It usually starts in a familiar way, with a web popup that instructs you to \u201cupdate\u201d a piece of software (like your Flash Player), so that it \u201cruns properly;\u201d or with a spam or phishing message, which entices you to click on a malicious link, which starts the infection process; or to open what <em>seem<\/em> to be normal files and are anything but. When you do so, the action injects malicious code into your system.<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>Approved applications, such as Microsoft Office, are then exploited for malicious intent, enabling the attacker to run his code with the same privileges as the application that\u2019s updating or running.<\/li>\n<li>Interpreted code, such as found in Java and <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/security-technology\/security-101-the-rise-of-fileless-threats-that-abuse-powershell\">PowerShell<\/a>, or a Windows utility, such as Windows Management Instrumentation (WMI) (used for automating system administration tasks), is abused to allow malicious scripts to run, which are then rolled out to the endpoint, without writing to disk.<\/li>\n<li>Legitimate processes are taken advantage of through <em>DLL injection<\/em> (to force the loading of a dynamic-link library, hook system function calls, or read the contents of password textboxes) or through <em>process hollowing<\/em> (replacing some code with the malicious function), which then executes 
directly in memory and is kept running in the background even after the software is closed.<\/li>\n<li>The Windows Registry is compromised, storing exploit codes in the registry with auto-run capabilities, to ensure the attacks will start afresh behind the scenes, even if you reboot your computer.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The upshot is that fileless attacks can persist undetected in memory or in your system, completely ignored by traditional antivirus programs applying their solutions to malicious files that land on your disk\u2014and your sensitive data is compromised or stolen, pilfered by the cybercriminal, or your computer is locked, as with ransomware. Meanwhile, once established, a network channel may be opened up to the hacker\u2019s command-and-control center for further exploits of your system.<\/p>\n<h3><strong>A Big Ounce of Prevention<\/strong><\/h3>\n<p>So what can you do to guard against fileless attacks?<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>Start by educating yourself. There are countless websites, videos, and webinars that you can use to learn more about this ever-expanding threat, the various forms it takes to infect you, and the consequences to your system.<\/li>\n<li>Secure possible points of entry. Fileless malware\u2019s attack vectors are known to be spam email, malicious websites\/URLs (especially if they use an exploit kit), and vulnerable third-party components like browser plug-ins. Use anti-spam and web threat protection (see below).<\/li>\n<li>Be wary of macros. Some Microsoft Office documents when opened prompt you to enable macros (or &#8220;enable content&#8221;). Of course, the safest way is to disable macros to prevent unsecured code from running in your system. However, if enabling macros can\u2019t be avoided, ensure that you disable all but digitally signed macros. 
With your Microsoft Office document open, go to File &gt; Options &gt; Trust Center &gt; Trust Center Settings &gt; Macro Settings &gt; Disable all macros except digitally signed macros.<\/li>\n<li>Disable unnecessary components. As mentioned, a fileless attack can also come in the form of exploits in vulnerable third-party components like browser plug-ins, or even tools like PowerShell itself. Disabling unused or outdated components can limit the ways an attacker can breach a system or network. Disable built-in Windows tools that you don\u2019t use such as PowerShell. To do this just go to Start &gt; Windows System &gt; Control Panel &gt; Programs &gt; Turn Windows features on or off &gt; Uncheck Windows PowerShell 2.0.<\/li>\n<li>Do not open files (executable files, documents, scripts) from untrusted locations (unknown websites, email attachments), because malicious files can be the instigators to perform fileless attacks through embedded or downloaded payloads.<\/li>\n<li>Always keep everything installed in your system updated. Schedule Windows Updates and other installed software updates weekly.<\/li>\n<li>Install antivirus software that can detect and mitigate fileless threats <em>in memory<\/em>, as well as protect against different layers of malware exposure.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><strong>A Virtual Pound of Cure<\/strong><\/h3>\n<p>For the last precaution, you should install and use <a href=\"https:\/\/www.trendmicro.com\/en_us\/forHome.html\">Trend Micro Security<\/a>, which actually has a low impact on the performance of your system, while providing a \u201cvirtual pound\u201d of cure. 
Its behavior monitoring, active script analysis, exploit shield, and real-time memory and registry scan enhancements can detect and block the following fileless threats:<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>Exploit attacks on approved applications<\/li>\n<li>Script-based attacks using interpreted code such as Java, PowerShell, and WMI<\/li>\n<li>Exploit code stored in registry keys or process memory<\/li>\n<li>Malicious memory operations in legitimate processes, such as reflective DLL injections (loaded from memory) and process hollowing.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Note that legacy systems (such as Windows 2000, XP, and soon Windows 7) are most vulnerable to fileless assaults, reinforcing the brutal fact that old-style, signature-based antivirus engineered to detect malicious files cannot fully protect your system. You need state-of-the-art, multi-layer antivirus that can address these fileless threats. 
With <a href=\"http:\/\/store.trendmicro.com\/store\/tmamer\/Content\/pbPage.Home\/pgm.4823570300\/?_ga=2.269278900.497763781.1536105347-37918051.1528943605\">Trend Micro Security<\/a> fileless threats have nowhere to hide.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\/the-fileless-non-malware-menace\/\">The Fileless, Non-Malware Menace<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\"><\/a>.<\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/the-fileless-non-malware-menace\/\" target=\"bwo\" >http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Trend Micro| Date: Wed, 06 Feb 2019 14:00:16 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"169\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/01\/20180413003111987-230-EJUywuE-800-300x169.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/01\/20180413003111987-230-EJUywuE-800-300x169.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/01\/20180413003111987-230-EJUywuE-800-768x432.jpg 768w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/01\/20180413003111987-230-EJUywuE-800-640x360.jpg 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/01\/20180413003111987-230-EJUywuE-800-440x248.jpg 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/01\/20180413003111987-230-EJUywuE-800-380x214.jpg 380w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/01\/20180413003111987-230-EJUywuE-800.jpg 800w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>There\u2019s an old expression: if it looks like a duck, walks like a duck, and quacks like a duck, then it must be a duck. 
What happens, though, if the duck in question is malware that doesn\u2019t behave like typical malware? Namely, it doesn\u2019t drop a file on your disk to infect your computer, hijack&#8230;<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\/the-fileless-non-malware-menace\/\">The Fileless, Non-Malware Menace<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\"><\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10789,10987,20854,19552,20855,20856],"class_list":["post-14507","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-consumer","tag-exploits","tag-fileless-threats","tag-injections","tag-non-malware-malware","tag-script-attacks"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14507","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14507"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14507\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14507"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14507"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags
?post=14507"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}