
Why 'fileless malware' is the biggest new threat to your business

April 17, 2018 By discountbonus_sd3n3h


Fileless Malware, or Advanced Volatile Threat, is malware that can launch without being stored on disk.   

Does this matter? If you’re relying on your defences detecting malware before it hits you, then yes. Fileless malware outsmarts those defences, and it’s not just being used by sophisticated nation states.


Antivirus – failing to detect

Previous generations of malware stored their payload on disk, either as an executable file or a script, and then executed it or arranged for the system to run it later. Anti-virus software is designed to exploit this behaviour. By intercepting accesses to the file store, AV software can detect the creation of a file and check its contents for signatures of known malware. When it detects malware, it deletes or quarantines the offending file before it can run.

If malware doesn’t write any code to disk, AV software never sees it. So even if the malware’s signatures are known, it will never be found. 

Fileless malware works by “living off the land”. This means it exploits tools already stored on the victim machine. Nothing new here – it’s why it has always been right to remove unnecessary software – but the tools involved are now much more powerful, and it has become de rigueur among attackers to exploit them. The problem is, and always has been, that you cannot remove the software being used by the malware, as it is an integral part of the system. On Windows the use of PowerShell scripts is essential, and PowerShell can control every aspect of the machine. So attackers can, and will, make good use of it, while you can’t remove it.

AV software could catch up. For example, it could intercept the system calls that start PowerShell and inspect the parameters to check for signatures of known malware. But it will be tough to do effectively, because many other system calls can launch malware, and AV software needs to intercept them all without disrupting normal operations.

Malware detection – The impossible dream

This is why Fileless Malware is hitting the headlines. Malware detection techniques – whether looking at data or behaviour – can’t cope with it. This doesn’t sound like good news. Data is the lifeblood of the digital economy, and thanks to Fileless Malware, you cannot trust any of it. 

This tells us that differentiating malware from safe data is not always possible. Detection doesn’t work, but that doesn’t mean detection is needed to defeat malware. 


Content Threat Removal – Defeating the unknown

The key observation that leads to a solution is that it is not data which is the lifeblood of the digital economy, but information. What we need is the information, not the data that carries it. This means we don’t need to trust the data if we can get the information without it. This is the core concept at the heart of Content Threat Removal (CTR). It does not attempt to decide if it can trust certain data – all data is distrusted and none is allowed to pass. Instead it extracts the information, discards the data and then builds completely new data to carry the information. 

Fileless malware lives in data. Therefore extracting information from the data will leave malware behind. Where business information includes active, code-like, functionality – such as functions in spreadsheets – it is possible to carry malware into the extracted information. However CTR only extracts and carries structures that are known to be safe. 
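To make the extract-discard-rebuild idea concrete, here is a small added example (my own illustration, not Deep Secure’s product code) applied to a constructed spreadsheet-like input. It assumes a safe list of four functions and a cell-range grammar; numbers, plain text and safe-listed formulas are parsed into an intermediate representation, everything else is dropped, and fresh data is generated from that representation alone.

```python
import re

# Constructed sample "spreadsheet" (cell -> raw content as received). This is untrusted data.
UNTRUSTED_SHEET = {
    "A1": "Revenue",
    "A2": "1200",
    "A3": "1350.50",
    "A4": "=SUM(A2:A3)",        # business function on the safe list: carried
    "B1": "=AVERAGE( A2:A3 )",  # same function, sloppy spacing: carried in normalised form
    "B2": "=UNKNOWNFN(\"x\")",   # not on the safe list: cannot be verified, so dropped
    "C1": "note\x00<script>",    # text with a control byte: carried as text, byte removed
}

# Assumed safe list: only these functions, each applied to one cell or one range.
SAFE_FUNCTIONS = ("SUM", "AVERAGE", "MIN", "MAX")
CELL_RANGE = r"[A-Z]{1,2}[0-9]{1,4}(?::[A-Z]{1,2}[0-9]{1,4})?"
SAFE_FORMULA = re.compile(r"^=(" + "|".join(SAFE_FUNCTIONS) + r")\(\s*(" + CELL_RANGE + r")\s*\)$")
NUMBER = re.compile(r"^-?[0-9]+(?:\.[0-9]+)?$")


def extract_information(sheet):
    """Step 1: keep only structures known to be safe; anything else is not carried."""
    info = {}
    for cell, raw in sheet.items():
        raw = raw.strip()
        formula = SAFE_FORMULA.match(raw)
        if NUMBER.match(raw):
            info[cell] = ("number", float(raw))
        elif formula:
            info[cell] = ("formula", formula.group(1), formula.group(2))
        elif raw.startswith("="):
            info[cell] = ("dropped", None)  # unknown active content is never trusted
        else:
            info[cell] = ("text", "".join(ch for ch in raw if ch.isprintable()))
    return info


def rebuild_sheet(info):
    """Step 2: build brand-new data from the information; original bytes are never reused."""
    out = {}
    for cell, item in info.items():
        if item[0] == "number":
            out[cell] = format(item[1], "g")
        elif item[0] == "formula":
            out[cell] = "=%s(%s)" % (item[1], item[2])  # regenerated from parsed parts only
        elif item[0] == "text":
            out[cell] = item[1]
        else:
            out[cell] = ""  # dropped content leaves a visibly empty cell
    return out


def content_threat_removal(sheet):
    return rebuild_sheet(extract_information(sheet))
```

Note that the `<script>` text in C1 survives as text: the point of CTR is that text is carried only as text, never interpreted as markup or code, so it cannot act.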

Content Threat Removal is the only way of defeating the unknown content threat. Fileless malware is nothing special. It is defeated in the same way as any other threat lurking in content.

Dr. Simon Wiseman is CTO at Deep Secure. He has over 30 years’ experience in the field of Government computer security, and has pioneered work on the use of data transformation to defeat attacks in digital content.
