FAQs archive

Q: What is fileless attack and how to stop them?

What is fileless attack? Fileless malware attacks are also referred to as fileless attacks. They are sometimes also referred to as non-malware attacks, although the term is not technically accurate. Unlike file-based attacks, fileless malware attacks do not download malicious files or write content to disk. Attackers exploit application vulnerabilities to inject code directly into the memory space of an existing application. They can also leverage trusted office applications or administration tools native to Windows OS, such as PowerShell or Windows Management Instrumentation (WMI), to run scripts and load malicious code directly into memory. Like all attacks, the goal is to gain control of computers to achieve the attacker’s goal, such as destruction, distortion (ransomware), data/credential theft, or additional attacks. How to Stop Fileless Attacks at Pre-execution At Bitdefender, we challenge ourselves to protect our customers against the full spectrum of threats: file-based and fileless malware. As in the example illustrated above, a phishing email containing a link takes the user to an exploit-hosting site. The browser exploit triggers PowerShell running command line (script), then PowerShell follows the instructions to download additional script (typically a larger command line) from a remote site. The larger command line contains fileless malware that is assembled and run directly in memory. In a second example, a user may receive a phishing email with a .doc attachment containing a macro. If the user enables the macro, essentially a VBA script, it triggers the PowerShell script that downloads additional scripts containing fileless malware code from a remote location. It then injects that malicious code into the memory space of a vulnerable application.

Q: Is there an alternative to the expensive MS Office programs?

YES – As a free alternative, the open source program Apache OpenOffice has proven itself for many years. OpenOffice offers, like Microsoft Office various programs for word processing, spreadsheet, presentation and a database program. In addition, it includes a formula editor and a drawing program. OpenOffice is available for all major operating systems (Windows, MacOS X, Linux). With its compatibility with the widely used MS Office formats (.DOC, .XLS, .PPT, .MDB), data exchange with users of other office suites is no problem. Apache OpenOffice can be downloaded for free via the following link https://www.openoffice.org/download/index.html For beginners and changers we recommend the book ( only in german ) OpenOffice 4 für Ein- und Umsteiger by Jörg Schieb

Q: Current warning against applications in Microsoft Word format

The CERT-Bund, die Computer-Gefahrenstelle der Bundesverwaltung , is currently warning of an outbreak of the GandCrab encryption Trojan. The sender of this e-mail is "Saskia Heyne" and the subject is "Bewerbung auf die angebotene Stelle". Attached to this email is a Word document which, when opened, tries to persuade the user to activate macros. Without this step, the Trojan cannot execute its malicious code. Only open Word files containing macros if you have obtained them from a 100% trustworthy source.

What is fileless attack and how to stop them?

Guido Herrig2022-09-29T21:02:29+02:00

Unlike file-based attacks, fileless malware attacks do not download malicious files or write content to disk.

What is fileless attack and how to stop them?Guido Herrig2022-09-29T21:02:29+02:00

Is there an alternative to the expensive MS Office programs?

stotti2022-09-29T21:04:48+02:00

As a free alternative, the open source program Apache OpenOffice has proven itself for many years. OpenOffice offers, like Microsoft Office various programs for word processing, spreadsheet, presentation and a database program.

Is there an alternative to the expensive MS Office programs?stotti2022-09-29T21:04:48+02:00

Dolibarr – Rounding error in the calculation of VAT

Guido Herrig2022-09-29T21:16:25+02:00

In the Dolibarr settings, the accuracy for rounding (decimal places) and the general behaviour for rounding amounts can be defined.

Dolibarr – Rounding error in the calculation of VATGuido Herrig2022-09-29T21:16:25+02:00

Current warning against applications in Microsoft Word format

Guido Herrig2022-09-29T22:03:20+02:00

The CERT-Bund, the computer danger centre of the federal administration, is currently warning of an outbreak of the encryption Trojan GandCrab.

Current warning against applications in Microsoft Word formatGuido Herrig2022-09-29T22:03:20+02:00

Beware of a new wave of attacks via phishing emails with the subject: “You have received a file via WeTransfer”.

Guido Herrig2022-09-29T21:06:40+02:00

It remains exciting and the attacks are becoming more and more sophisticated. In the past, we received phishing emails from unknown senders in poor German or English. Nowadays, they are from known senders with halfway comprehensible content in the subject line.

Beware of a new wave of attacks via phishing emails with the subject: “You have received a file via WeTransfer”.Guido Herrig2022-09-29T21:06:40+02:00

How can attackers compromise the IT infrastructure from the outside?

Guido Herrig2022-09-29T21:06:58+02:00

A typical attack on the IT infrastructure of companies is carried out in 3 steps. Search for vulnerabilities Attackers first look for vulnerabilities in the system. This can be unbiased emails to employees, e.g. an inconspicuous invoice email to the accounting department. Network printers with open ports, IoT devices with old firmware or even routers whose known vulnerabilities have not been closed. In addition, danger can come from websites that have already been infected with malicious code and whose operators do not have enough resources to constantly pay attention to the security of their own websites. Once the malicious code has [...]

How can attackers compromise the IT infrastructure from the outside?Guido Herrig2022-09-29T21:06:58+02:00

Should you encrypt emails?

Guido Herrig2022-09-29T21:09:07+02:00

Yes, because e-mails offer the same protection against "reading" as the good old postcard. If you want/need to send really confidential data, such as business data, by e-mail, you cannot avoid encryption. The following options are available to protect messages/documents. Password-protected files: You can of course put the data in a password-protected file and then attach it to the e-mail. The only thing is that it is not very convenient to use and confidential things written in the message can still be read. The password should at least be sent by another means (messenger, telephone, etc.) and not by e-mail. PGP [...]

Should you encrypt emails?Guido Herrig2022-09-29T21:09:07+02:00

Are there any free CAD programmes?

Guido Herrig2022-09-29T21:09:22+02:00

Yes, one of the best known is the open source programme "FreeCAD". With FreeCAD you can create both 2D and 3D drawings. It is customisable, scriptable and extensible. With its extensive features, it is suitable for hobbyists/makers, experienced CAD users and also educators. For an introduction to FreeCAD we recommend our book: "FreeCAD – 2D/3D Konstruktion – Das Einsteigerseminar".

Are there any free CAD programmes?Guido Herrig2022-09-29T21:09:22+02:00

How can I protect my computer if a targeted attack overcomes the firewall and virus scanner?

Guido Herrig2022-09-29T21:09:38+02:00

Not at all! That doesn't sound good, but it corresponds to reality. There is software, e.g. from the NSO Group from Israel, which is specialised in penetrating foreign systems. If a targeted attack is made on a specific device, no antivirus programme can defend itself against it. Antivirus scanners work with signatures of known malware. In the case of a new, as yet unknown attack scenario, they cannot prevent the attack because there is no signature for it in their database This is where endpoint security comes in. If attackers succeed in getting onto their target's system, the infected malware must [...]

How can I protect my computer if a targeted attack overcomes the firewall and virus scanner?Guido Herrig2022-09-29T21:09:38+02:00

How can we implement OKRs (Objectives and Key Results) in our company?

Guido Herrig2022-09-29T21:09:58+02:00

The OKR leadership model, which is particularly popular with start-ups, is quickly explained and easy to understand (or so the theory goes). The company defines a mission (objectives) and then defines milestones or key results to achieve the company's goal. Simple to explain, difficult to implement! The difficulty for most young companies and start-ups is not to lose focus in the initial phase and not to be distracted from the goal while building up the learning curve. We recommend a very good book on this topic that explains the path and implementation of OKR in a practical way using a fictitious [...]

How can we implement OKRs (Objectives and Key Results) in our company?Guido Herrig2022-09-29T21:09:58+02:00