Fileless Malware – A New Business Cyberthreat
Dangers for businesses from hackers
Most people know not to click on attachments sent to them in emails from people or businesses they've never heard of. It is well-understood that if you download files from dodgy sites there may be a payload of malware inside too, as a little bonus. Mostly this is annoying apps that redirect your searches or show rubbishy adverts. Irritating, but not actually harmful. Of course, if you are unlucky, your computers might be infected with ransomware, which could encrypt your files and demand payment to decrypt them.
The lesson of that is always to have regular backups so you can restore your files. Even if you pay the ransom, there's no guarantee that the cyber criminals will actually let you have the key to get your files back.
There is a new threat emerging: fileless malware, that is, attacks on your computers and networks that do not involve opening an attachment or downloading files. These attacks involve finding vulnerabilities in the computer system and exploiting these to plant viruses in the system. As virus protection has got better, so the criminals and hackers have to up their game to find new avenues to attack computers.
The cyber criminals can
that could infect systems without triggering traditional detection mechanisms, like anti-virus
by spreading new malware
to gather information about an infected PC before infecting it with
move the malware to the Windows registry to make it more difficult to find
to find and manipulate vulnerabilities faster
to compromise a huge number of computers
by infecting machines with ransomware.
There is no need to panic, however. It is not easy to accomplish these attacks, particularly if all software is up to date. However, this can be a weakness, as people often do not update software regularly to keep security patches active.
For example, fileless malware can use vulnerabilities in outdated Flash plugins to infect a computer's browser and then attack the computer that is running it.
The best way to negate fileless malware is to stop it before it happens:
Level 1: apply security updates for your applications and operating system.
Level 2: block the pages hosting the malware, with an active security application.
Level 3: block the malware delivery with the same application.
Level 4: block the communication between your PC and the attackers’ servers: this will mean that the attackers won't be able to exploit the infection, even if they have placed it on your computers.
Business and home users need to keep their protection up to date. They would also be wise to invest in an application that is able to negate these potential threats, as an ounce of preparation is worth a ton of regret afterwards, and cheaper too.