Stealthy Malware Is Going Mainstream

Uploaded on 2017-03-24 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Typical anti-malware software scans hard drives in search of malicious files and then flags them for removal.That strategy breaks down, though, when there’s no file to find on the system in the first place. And that’s exactly how an increasingly popular type of attack has stymied the defenses of dozens of banks around the world.

So-called fileless malware avoids detection by hiding its payload in secluded spots, like a computer’s random-access memory or kernel, meaning it doesn’t depend on hard drive files to run.

The technique first surfaced a couple of years ago, as part of a sophisticated nation-state reconnaissance attack, but has experienced a recent surge in cyber-attacks.

It’s also not just hitting high-priority targets; research released by Kaspersky Lab recently found that fileless malware infected more than 140 financial institutions, government organisations, and telecom companies across 40 countries.

Kaspersky itself may not have found it had a bank not come to the security firm after discovering malware running in secret in the memory of one of its domain controllers (a server on a Windows network that handles security authentication queries).

The attack was recording system administrator credentials so the hackers could move deeper into the network, gather more privileged credentials, and eventually withdraw money from ATMs.

What makes the attack so insidious is that it inhabits parts of the computer architecture that are difficult for normal users to even navigate to and access, much less interact with. While it’s possible to eliminate the threat, many organizations aren’t even focused on spotting it in the first place yet.

That’s unfortunate, because it’s also seen a dramatic spike in popularity. In a December report, the endpoint security firm Carbon Black found that the rate of fileless malware attacks among its customers had jumped from three percent of the company’s total malware detections at the beginning of 2016 to 13 percent in November.

“I would say this is becoming more of a checkbox for attackers’ toolkits,” says Greg Linares, a security researcher who specialises in threat intelligence and reverse engineering.

Just one example: Hackers can use administrative operating system tools, like the Windows PowerShell framework, to covertly deposit the malware into a computer’s RAM. More than 70 percent of the infections Kaspersky detected utilized malicious PowerShell scripts.

With increased use comes increased awareness, though, awareness should hopefully spur companies to take preemptive measures. “Security teams could monitor for the unexpected creation of services on their systems, watch for unexpected tunneling traffic within their network, attempt to observe outbound traffic, and disable the use of PowerShell on their networks if it is unused,”

Kurt Baumgartner, a principal security researcher at Kaspersky Lab. It helps to watch activity coming into and out of a network instead of just checking the files stored on it. He emphasises, though, that even as threats evolve, it’s still crucial to take foundational security precautions, like splitting different portions of a network into subnetworks that are more efficient and easier to defend.

Between fileless malware and the increasing popularity of ransomware it feels like malware has morphed into a new phase. (There’s even fileless ransomware.) That’s not cause for despair, though; it’s just all the more reason to keep up with the evolving landscape, and not rely on outdated tools. And now, looking for intruders where you least expect them.

Wired

New Malware Hides In Memory:

Malware Traders Switch To Less Suspicious File Types:

Banks Around The World Hit With Fileless Malware:

 

 

« Data Breaches Attack All Parts Of A Business
Wikipedia's editors cut out the Daily Mail »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Bulb Security

Bulb Security

Whether your internal red team or penetration testing team needs training, or you lack internal resources and need an outsourced penetration test, Bulb Security can help.

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity provide solutions for Secure Networks, Secure Communications, Network Analysis, and Endpoint Security.

UK Cyber Security Forum

UK Cyber Security Forum

UK Cyber Security Forum is a community interest group for cyber security companies in the UK.

Secnology

Secnology

Secnology is dedicated to developing and providing the most powerful and user friendly event analysis and security management solution.

Naukrigulf

Naukrigulf

Naukrigulf.com is one of the fastest growing job sites in the Gulf, with thousands of registered job seekers and a robust CV database across many sectors, including cybersecurity.

CM Blockchain Security Center

CM Blockchain Security Center

We are dedicated to building a healthier blockchain ecosystem, providing solutions to security technology, and helping those who practice in the area of blockchain to get insight into industry trends.

Curtail

Curtail

Curtail keeps businesses running by using live traffic analysis to identify defects before software goes live, and detect and isolate security threats before they impact systems.

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

LibraSoft

LibraSoft

Librasoft creates solutions to protect information from external and internal threats.

1Kosmos

1Kosmos

1Kosmos provide Digital Identity and Passwordless Authentication for workforce and customers. Powered by advanced biometrics and blockchain technology.

Noetic Cyber

Noetic Cyber

Noetic provides a proactive approach to cyber asset and controls management, empowering security teams to see, understand, and optimize their cybersecurity posture.

Drumz

Drumz

Drumz plc is an investment company whose investing policy is to invest principally but not exclusively in the technology sector within Europe.

Integris

Integris

Integris offers best-in-class services like dedicated vCIOs, specialized security and compliance advisory services, a 24/7 help desk, and more.

Tranchulus

Tranchulus

Tranchulus are a global provider of offensive and defensive cyber solutions, information security assessment, compliance and managed security services.

SignalRed

SignalRed

SignalRed provides the cutting edge next-generation penetration testing and secure development solutions to startups and large enterprises.

Nicos AG

Nicos AG

Nicos AG specializes in secure, global data communication.