Stealthy Malware Is Going Mainstream

Uploaded on 2017-03-24 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Typical anti-malware software scans hard drives in search of malicious files and then flags them for removal.That strategy breaks down, though, when there’s no file to find on the system in the first place. And that’s exactly how an increasingly popular type of attack has stymied the defenses of dozens of banks around the world.

So-called fileless malware avoids detection by hiding its payload in secluded spots, like a computer’s random-access memory or kernel, meaning it doesn’t depend on hard drive files to run.

The technique first surfaced a couple of years ago, as part of a sophisticated nation-state reconnaissance attack, but has experienced a recent surge in cyber-attacks.

It’s also not just hitting high-priority targets; research released by Kaspersky Lab recently found that fileless malware infected more than 140 financial institutions, government organisations, and telecom companies across 40 countries.

Kaspersky itself may not have found it had a bank not come to the security firm after discovering malware running in secret in the memory of one of its domain controllers (a server on a Windows network that handles security authentication queries).

The attack was recording system administrator credentials so the hackers could move deeper into the network, gather more privileged credentials, and eventually withdraw money from ATMs.

What makes the attack so insidious is that it inhabits parts of the computer architecture that are difficult for normal users to even navigate to and access, much less interact with. While it’s possible to eliminate the threat, many organizations aren’t even focused on spotting it in the first place yet.

That’s unfortunate, because it’s also seen a dramatic spike in popularity. In a December report, the endpoint security firm Carbon Black found that the rate of fileless malware attacks among its customers had jumped from three percent of the company’s total malware detections at the beginning of 2016 to 13 percent in November.

“I would say this is becoming more of a checkbox for attackers’ toolkits,” says Greg Linares, a security researcher who specialises in threat intelligence and reverse engineering.

Just one example: Hackers can use administrative operating system tools, like the Windows PowerShell framework, to covertly deposit the malware into a computer’s RAM. More than 70 percent of the infections Kaspersky detected utilized malicious PowerShell scripts.

With increased use comes increased awareness, though, awareness should hopefully spur companies to take preemptive measures. “Security teams could monitor for the unexpected creation of services on their systems, watch for unexpected tunneling traffic within their network, attempt to observe outbound traffic, and disable the use of PowerShell on their networks if it is unused,”

Kurt Baumgartner, a principal security researcher at Kaspersky Lab. It helps to watch activity coming into and out of a network instead of just checking the files stored on it. He emphasises, though, that even as threats evolve, it’s still crucial to take foundational security precautions, like splitting different portions of a network into subnetworks that are more efficient and easier to defend.

Between fileless malware and the increasing popularity of ransomware it feels like malware has morphed into a new phase. (There’s even fileless ransomware.) That’s not cause for despair, though; it’s just all the more reason to keep up with the evolving landscape, and not rely on outdated tools. And now, looking for intruders where you least expect them.

Wired

New Malware Hides In Memory:

Malware Traders Switch To Less Suspicious File Types:

Banks Around The World Hit With Fileless Malware:

 

 

« Data Breaches Attack All Parts Of A Business
Wikipedia's editors cut out the Daily Mail »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Casaba Security

Casaba Security

Casaba are specialists in software security providing managed Software Development Lifecycle services as well as products for security testing.

Zivver

Zivver

Zivver is the effortless, secure email platform, powering the next generation of secure communications.

Massive Alliance

Massive Alliance

Massive is a global service agency providing internet monitoring, data & security threat surveillance and reputation management.

Build38

Build38

Build38 provides the highest levels of security for mobile applications.

Combis

Combis

COMBIS is a regional high-tech ICT company focused on the development of application, communication, security and system solutions and the provision of services.

Crashtest Security

Crashtest Security

Crashtest Security is a cyber security company that helps digital companies to continuously create secure software with the help of automated vulnerability assessments.

spriteCloud

spriteCloud

spriteCloud is an independent software testing, test automation and cybersecurity services provider.

Cyphere

Cyphere

Cyphere is a cyber security company that helps to secure most prized assets of a business. We provide technical risk assessment (pen testing/ethical hacking) and managed security services.

Bionic

Bionic

Bionic is an agentless way to get control over your increasingly complex applications so you can manage, operate, and secure them faster and more efficiently.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

Information Security Officers Group (ISOG)

Information Security Officers Group (ISOG)

ISOG's mission is to strengthen information security through awareness and education programs, promoting community and fellowship among information security leaders.

SoftwareONE

SoftwareONE

SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions.

Inversion6

Inversion6

Inversion6 (formerly MRK Technologies) is a cybersecurity risk management provider that offers custom security solutions.

Curatrix Technologies

Curatrix Technologies

Curatrix Technologies is a Managed IT Service provider based in Hampshire, UK, providing high quality and reliable Managed IT Services since 2015.

Single Point of Contact

Single Point of Contact

Single Point of Contact is a Managed IT Services provider that helps businesses to achieve a seamless and secure IT environment.

StrongBox.Academy

StrongBox.Academy

StrongBox.Academy provides cybersecurity training courses that are tailored to the specific needs and challenges of the industry.