A closer look at fileless malware

To avoid detection by antimalware programs, cybercriminals are increasingly abusing legitimate software tools and legitimate programs in systems to steal data or ruin its integrity. They use fileless malware to infiltrate trusted applications and issue executables that blend in with normal network traffic or IT/system administration tasks while leaving fewer footprints. Ultimately, your business could be at risk. Let’s see why.

What is fileless malware?

Fileless malware is stored in random access memory (RAM) instead of on the hard drive. In a typical fileless infection, payloads can be injected into the memory of existing software or applications by running scripts within whitelisted or authenticated applications such as PowerShell, which is designed to automate system administration tasks such as view all USB devices, drives, and services installed in the system, schedule a series of demands, or terminate processes (i.e., Task Manager).

Because there are no files to trace, fileless malware escapes detection from most antimalware programs, especially those that use databases of precedents. Furthermore, most automated sensors cannot recognize illicit scripts, and cybersecurity analysts who are trained to identify them usually have a difficult time establishing where to start looking. Fileless malware isn’t as visible compared to traditional malware. They employ a variety of techniques to stay persistent, and can adversely affect the integrity of a business’s process and the infrastructures that run them.

Fileless malware by the numbers

Cybersecurity firm Kaspersky Lab first discovered a type of fileless malware on its very own network a couple of years ago. The final verdict was that it originated from the Stuxnet strain of state-sponsored cyber warfare. The high level of sophistication and government funding meant fileless malware was virtually nonexistent until the beginning of 2017.

In November 2016, attacks using fileless malware saw an uptick of 13% according to a report. In the same quarter, attacks surged 33% compared to the first quarter. During the first quarter of 2017, more PowerShell-related attacks were reported on more than 12,000 unique machines.

Kaspersky Lab uncovered over 140 infections across 40 different countries. Almost every instance of the fileless malware was found in financial institutions and worked towards obtaining login credentials. In the worst cases, infections had already gleaned enough information to allow cyberattackers to withdraw undisclosed sums of cash from ATMs.

In 2018, cybersecurity firm Trend Micro detected a rising trend of fileless threats throughout the first half of the year.

Is your business at risk?

It is unlikely your business would have been targeted in the earliest stages of this particular strain of malware, but it’s better to be safe than sorry. Businesses should practice defense in depth, where multilayered safeguards are implemented to reduce exposure and mitigate damage. But apart from cultivating a security-aware workforce, what actionable countermeasures can organizations do?

While your business might not be in immediate danger, you should employ solutions that analyze trends in behavior. It is also wise to invest in a managed service provider that offers 24/7 network monitoring, proper patches, and software updates. Call today to get started.

The dangers of autocomplete passwords

Hackers have found a new way to track you online. Aside from using advertisements and suggestions, they can now use autocomplete passwords to track you down. Feeling unsecure? Here are some ways to keep you out of harm’s way.

Why auto-fill passwords are so dangerous

As of December 2018, there are 4.1 billion internet users in the world. This means users have to create dozens of passwords, either to protect their account or simply to meet the password-creation requirements of the platform they’re using. Unfortunately, only 20% of US internet users have different passwords for their multiple online accounts.
Certain web browsers have integrated a mechanism that enables usernames and passwords to be automatically entered into a web form. On the other hand, password manager applications have made it easy to access login credentials. But these aren’t completely safe.
Tricking a browser or password manager into giving up this saved information is incredibly simple. All a hacker needs to do is place an invisible form on a compromised webpage to collect users’ login information.

Using auto-fill to track users

For over a decade, there’s been a password security tug-of-war between hackers and cybersecurity professionals. Little do many people know that shrewd digital marketers also use password auto-fill to track user activity.

Digital marketing groups AdThink and OnAudience have been placing these invisible login forms on websites to track the sites that users visit. They’ve made no attempts to steal passwords, but security professionals said it wouldn’t have been hard for them to do. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold the information they gathered to advertisers.

One simple security tip for today

A quick and effective way to improve your account security is to turn off auto-fill in your web browser. Here’s how to do it:

  • If you’re using Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords.
  • If you’re using Firefox – Open the Options window, click Privacy, and under the History heading, select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
  • If you’re using Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24×7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.