Fileless malware is a type of malicious software that exists exclusively as a memory-based artifact. Fileless malware does not write any part of its activity to the computer's hard drive, making it very resistant to existing computer forensic strategies that rely on file-based whitelisting, signature detection, hardware verification, pattern analysis, time-stamping, etc.

Put simply, fileless malware leaves very little evidence that digital forensic investigators or threat researchers could use to identify illegitimate activity. This type of malware attack has become commonplace as malware authors become more creative in evading detection.
A typical fileless attack can use PowerShell scripts stored within the Microsoft Windows Registry to launch the attack, so that no script file ever lands on disk. Others, like IcedID, combine PowerShell scripts and malicious Microsoft Word documents to distribute malware. Given that attacks involve several stages for functionality such as execution, persistence, or information theft, some parts of the attack chain may be fileless, while others may involve the file system in some form.

SonicWall Capture Labs threat researchers found that fileless malware incidents increased in the second and third quarters of 2019 when compared to the same period in 2018, but trailed off in the fourth quarter.
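Because a registry-resident PowerShell launcher never touches the file system, file-based controls miss it; what remains is the registry write and the process launch themselves. The following added example (not from the original post or from SonicWall) triages constructed Sysmon-style events, Event ID 13 registry value writes to autorun keys and Event ID 1 PowerShell process launches, for the hallmarks of such a stage; the event field names, sample values and pattern list are assumptions for illustration.

```python
"""Flag registry-resident PowerShell launchers in Sysmon-style events.

Sample events below are constructed (not real telemetry), modelled on
Sysmon Event ID 13 (RegistryEvent: value set) and Event ID 1 (ProcessCreate).
"""
import re

# Autostart registry locations commonly used to hold a fileless launcher.
AUTORUN_KEYS = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)

# Hallmarks of a PowerShell stage that avoids writing a script to disk.
SUSPICIOUS = [
    (re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{40,}", re.I), "encoded command"),
    (re.compile(r"-w(indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"\b(iex|invoke-expression)\b", re.I), "dynamic evaluation"),
    (re.compile(r"get-itemproperty", re.I), "payload read from registry"),
    (re.compile(r"net\.webclient|downloadstring|invoke-webrequest", re.I), "in-memory download"),
]

def classify(text):
    """Return the hallmark labels present in a command or registry value string."""
    return [label for pattern, label in SUSPICIOUS if pattern.search(text)]

def triage(events):
    """Return (rule, subject, hallmarks) findings for autorun writes and PowerShell launches."""
    findings = []
    for ev in events:
        if ev["EventID"] == 13 and AUTORUN_KEYS.search(ev["TargetObject"]):
            hits = classify(ev["Details"])            # what the autorun value will execute
            if hits:
                findings.append(("autorun-registry-powershell", ev["TargetObject"], hits))
        elif ev["EventID"] == 1 and "powershell" in ev["Image"].lower():
            hits = classify(ev["CommandLine"])        # how PowerShell was invoked
            if hits:
                findings.append(("powershell-fileless-launch", ev["Image"], hits))
    return findings

SAMPLE_EVENTS = [  # constructed for this example; the base64 is filler, not a payload
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": "powershell.exe -w hidden -enc " + "QQBBAEEA" * 8},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"},
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -nop -c "IEX (Get-ItemProperty HKCU:\\Software\\Foo).p"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\scripts\backup.ps1"},
]

if __name__ == "__main__":
    for rule, subject, hits in triage(SAMPLE_EVENTS):
        print(f"{rule}: {subject} [{', '.join(hits)}]")
```

The two benign events (a vendor autorun entry and a script run from a file on disk) produce no findings, so the rules key on how the stage is launched rather than on PowerShell use alone.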
See how the experts at CisCom can help you with this and more!
Blog content for the SonicWall Cyber Threat Report series provided by our partners at SonicWall.