Fileless Malware: Everything you Need to Know

22 August, 2018

We have always been told that the most effective way to protect ourselves online is to install some form of antivirus software, but antivirus does not always track the data that’s leaving your organisation's network and devices.

Although it is nothing new, fileless malware is extremely powerful and can have many detrimental effects if you fall victim to it.

Not many people know how it works, and with McAfee warning that fileless malware is a growing trend, the risks of being affected by one of these attacks are only going to rise. So, what is fileless malware?

What is fileless malware?

In most cases, traditional malware can be detected through a signature that your antivirus software will recognise. Your chosen antivirus software will have a bank of signatures that have been collected over the years which will be called upon every time it needs to scan a file.

Fileless malware doesn’t carry any such signature, so it bypasses even the most thorough antivirus software, which is why it is important to train your workforce on how to look out for the signs of a cyber attack.

In this blog, we’ll explore the topic of fileless malware, how it works, and the best practices for preventing it from affecting you, or anybody else in your organisation.

How Does Fileless Malware Work?

So if the malware that has infected your machine isn’t even attached to a file, how can it work?

Instead of installing software on your machine, it piggybacks on legitimate software that’s already installed and uses it against you.

How can fileless malware get into your computer in the first place? Well, it has a very sly way of infecting your machine, which would catch out a lot of people who aren’t vigilant.

It usually starts with a spam email, in which the user is tricked into clicking a link to a web page that will infect the user's computer.

The most commonly exploited vulnerability is in the Flash plugin on your browser. As Flash is a trusted piece of software, your antivirus won’t flag it as malicious and the real virus will enter the user's system unchecked.

What Kind of Damage Can Fileless Malware Do?

Fileless malware is as harmful as almost every other piece of traditional malware: it can steal sensitive information, lock down your computer, and hijack your computer to execute any function.

If a cyber criminal has gone through all the effort to gain full control over your systems, what would be one of the most valuable things to them? Your databases!

You will have databases which store user accounts, personal information, passwords and other company secrets. This is a goldmine for cyber criminals, as they could sell this information onto others who will use the information to commit identity theft.

They don’t always have to steal and sell information straight away; some may choose to harvest further credentials long after the fileless malware has worked its way onto your machine. With this access, cyber criminals can gain login credentials to email accounts, which can then be used to create phishing emails.

Users are more inclined to click on links and follow dialogues from someone they know, such as their boss or the CEO, whose information is available on websites like LinkedIn. This means that whilst they gain company data, they can also harvest personal information from employees, which lines their pockets nicely after the initial attack has happened.

Luckily, software exists in the field of cyber security that helps to identify patterns or behaviours in systems, software or code that may be the telltale signs of fileless malware.

What is SIEM and How Does It Work?

Security Information and Event Management (SIEM) services are behaviour detection systems that provide real-time analysis of any script run by a computer or device.

As IT departments and company networks have to run their own scripts, there can be a fine line between what could be a legitimate or malicious script.

This is where behavioural detection systems come in: they analyse what incoming scripts want to do and sort out what is malicious and what’s legitimate.

Behavioural detection automatically narrows down what could be thousands of suspicious logs to just a handful of potential threats, which makes them more manageable. Behavioural detection software can be very costly, as the technology is almost artificial intelligence: there are almost infinite variations of scripts that the program has to scan and classify as they run.

If the type of attack used is fileless malware, cyber criminals would want to steal data to sell on for profit. Therefore, a handy way to tell if your computer has been infected with fileless malware is for the IT department to monitor outbound logs for suspicious data packets, as hackers will want to send data back home.
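The outbound monitoring described above can be sketched as a small script. This is an added example, not part of the original post: it flags large uploads to destinations that no machine contacted on earlier days. The log format, host names, addresses and the 100 MB threshold are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample records (not real traffic); addresses come from
# documentation ranges. Columns: date, host, destination, port, bytes_out
SAMPLE_LOG = """\
2018-08-20,ws-014,198.51.100.20,443,52000
2018-08-20,ws-022,198.51.100.20,443,47000
2018-08-21,ws-014,198.51.100.20,443,61000
2018-08-21,ws-022,198.51.100.31,443,39000
2018-08-22,ws-014,198.51.100.20,443,58000
2018-08-22,ws-022,203.0.113.77,443,912000000
2018-08-22,ws-022,198.51.100.20,443,45000
2018-08-22,ws-014,203.0.113.90,443,12000
"""


def find_suspicious_uploads(log_text, review_date, min_bytes=100_000_000):
    """Return (host, destination, bytes_out) for uploads on review_date that
    are at least min_bytes and go to a destination unseen on earlier dates."""
    known_destinations = set()   # baseline: anything contacted before review_date
    totals = defaultdict(int)    # (host, destination) -> bytes sent on review_date
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue             # tolerate blank lines in the export
        date, host, dest, _port, bytes_out = row
        if date < review_date:   # ISO dates compare correctly as strings
            known_destinations.add(dest)
        elif date == review_date:
            totals[(host, dest)] += int(bytes_out)
    alerts = [
        (host, dest, sent)
        for (host, dest), sent in totals.items()
        if dest not in known_destinations and sent >= min_bytes
    ]
    # Largest transfers first so the analyst sees the worst case at the top
    return sorted(alerts, key=lambda alert: alert[2], reverse=True)


if __name__ == "__main__":
    for host, dest, sent in find_suspicious_uploads(SAMPLE_LOG, "2018-08-22"):
        print(f"{host} sent {sent:,} bytes to new destination {dest}")
```

The small upload from ws-014 to a new destination is not flagged at the default threshold; lowering `min_bytes` trades fewer misses for more alerts to review.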

How Can I Stop a Fileless Malware Attack?

So how do you actually stop a fileless malware attack? Given that fileless malware carries no signature and doesn’t install software or create a physical file, you may think it’s impossible to detect.

While it is difficult to recover from a fileless malware attack, it is not impossible to prevent one from happening. The best way to stop one of these attacks is learning how to prevent attackers from gaining access to your organisation’s network.

Training your workforce to be vigilant to the ways that fileless malware can infect their networks, how it can be transferred through email, and how to spot the signs of a malicious email will go a long way in the fight to keep your organisation secure.

These breaches can happen to anyone and cyber criminals will blanket target your employees because they know that they only need one person to make a mistake to let them in.

Here are some key tips from our Virus Vigilance course to help you spot and prevent fileless malware from getting into your computer.

  • Delete emails from unknown sources and log any attempts in line with your company policy.
  • Contact your IT department immediately if you suspect that your computer has been infected with a virus.
  • Only download software and open attachments from trustworthy and reputable sources.
  • Invest in good virus protection software and ensure it is updated regularly.
  • Watch out for deletion or unexpected appearance of files, slowing down of computer operations, and unexpected or unpredictable behaviour of your systems, as these can all be characteristics of a virus attack.

You could invest in costly software, or you could train your staff to help prevent these kinds of attacks from happening in the first place - because prevention is better than cure! If you’re interested in engaging training that teaches a wide range of cyber essentials to your staff, book a web demonstration with us to find out how our cyber security training courses can help your organisation.
