When many organizations think about cyberthreats, the first thing that comes to mind is malware. If a piece of malware makes its way into a company, it can cause serious damage. Back at the start of 2019, a piece of malware infected the servers of a Maltese bank, leading to the loss of €13 million. And ransomware, the malware that encrypts its victims’ files to demand a ransom, caused chaos in large companies around the world last year.
But cyberthreats can also come from within an organization; so-called insiders can cause a long list of corporate cybersecurity problems. The average cost of an insider incident is over €10 million. And far from being an isolated issue, these incidents have increased 47% over the last year. These cases involve an employee endangering the business’s cybersecurity—either intentionally or accidentally. However, there is another internal element that, at first glance, seems to be no cause for concern.
Legitimate applications in the hands of hackers
The illegitimate use of applications for malicious purposes is one of the most prevalent cybercriminal trends. These fileless attacks increased by 94% in 2018, and were three times more frequent than ransomware. These attacks leverage applications that already exist on operating systems, such as Microsoft Office, WMI, or Adobe, to steal data and damage the victim’s system.
While the nature of these attacks varies, they are specifically designed not to write anything to the hard drive. Instead, they execute from the computer’s memory (RAM). The lack of malicious or potentially dangerous files on the hard drive means that traditional protection systems cannot detect the threat.
There is one characteristic that all of these kinds of incidents have in common: they are very hard to detect. This is because these attacks don’t use any kind of code, which means that traditional antivirus cannot identify them. What’s more, the use of legitimate processes and applications makes it practically impossible to spot abnormal behavior.
As well as these similarities, fileless attacks often share entry vectors. Among the most common are remote access applications, administrative tools, and internal operating system components.
Advanced threats demand advanced technology
Given that fileless attacks are so difficult to spot, what can be done to stop them? One way to tackle them is to stop using the tools that cybercriminals tend to leverage in these attacks, such as PowerShell, thereby closing potential entry vectors. It is also vital to know what is running on all of the company’s computers at all times. Panda Adaptive Defense 360 monitors all of the activity on the IT system. This way, it is able to block any suspicious activity.
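As an added example (not from the original post and not Panda's product code), the following Python script shows what "knowing what is running" can look like in practice: it reads constructed Sysmon-style process-creation records and flags the lineage patterns the post describes, a document application or the WMI provider host spawning PowerShell or another script host. The record layout, host names and rule names are assumptions made for the example.

```python
import re
from typing import Iterator, NamedTuple, Optional

class ProcEvent(NamedTuple):
    ts: str
    host: str
    parent: str   # parent image basename, lower-case
    image: str    # child image basename, lower-case
    cmdline: str

# Legitimate applications the post names as abused in fileless attacks, by role.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wmic.exe", "cmd.exe"}
WMI_PROVIDER_HOST = "wmiprvse.exe"  # parent of processes started through WMI

# Constructed sample of process-creation records (Sysmon Event ID 1 style fields),
# one per line as "ts|host|parent_image|image|command_line". Not real telemetry.
SAMPLE_EVENTS = """\
2019-03-04T09:12:01|WS-017|C:\\Windows\\explorer.exe|C:\\Program Files\\Microsoft Office\\WINWORD.EXE|WINWORD.EXE /n invoice.docx
2019-03-04T09:12:07|WS-017|C:\\Program Files\\Microsoft Office\\WINWORD.EXE|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -NoProfile -Command <redacted>
2019-03-04T09:30:44|WS-022|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -File C:\\scripts\\backup.ps1
2019-03-04T09:31:02|WS-022|C:\\Windows\\System32\\wbem\\WmiPrvSE.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -NoProfile -Command <redacted>
2019-03-04T09:31:10|WS-022|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\PING.EXE|ping 10.0.0.1
"""
def basename(path: str) -> str:
    """Strip the directory and normalise case so rules compare image names only."""
    return re.split(r"[\\/]", path)[-1].lower()

def parse_events(text: str) -> Iterator[ProcEvent]:
    """Parse pipe-separated records; skip malformed lines rather than abort."""
    for line in text.splitlines():
        parts = line.split("|", 4)
        if len(parts) != 5:
            continue
        ts, host, parent, image, cmd = parts
        yield ProcEvent(ts, host, basename(parent), basename(image), cmd)

def suspicious_lineage(ev: ProcEvent) -> Optional[str]:
    """Return a rule name when the parent/child pair matches a fileless pattern."""
    if ev.parent in DOCUMENT_APPS and ev.image in SCRIPT_HOSTS:
        return "document-app-spawned-script-host"
    if ev.parent == WMI_PROVIDER_HOST and ev.image in SCRIPT_HOSTS:
        return "wmi-spawned-script-host"
    return None

def find_alerts(text: str) -> list:
    """Alerts as (ts, host, rule, 'parent -> child') for each matching record."""
    return [(ev.ts, ev.host, rule, f"{ev.parent} -> {ev.image}")
            for ev in parse_events(text) if (rule := suspicious_lineage(ev))]
```

Running `find_alerts(SAMPLE_EVENTS)` flags only the Word-spawned and WMI-spawned PowerShell records; the administrator's own PowerShell launched from Explorer is left alone, which is the distinction a monitoring tool has to make before blocking.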
Fileless attacks are an ever-present danger for companies, and cybercriminals have many ways to exploit the legitimate applications on your system. Find out more about this cybercriminal tactic in our ebook, Danger Hiding in Plain Sight: Controlling Weaponizable Applications.