Maksim Kabakou - Fotolia
Security Think Tank: Use layered security and patch management to defeat fileless malware
What should organisations do at the very least to ensure business computers are protected from fileless malware?
Fileless malware is exactly that – there are no files, the malware executes in memory with no footprint, and therefore is much more likely to succeed in its unwanted endeavours than “traditional” malware that leaves a trail. Fileless malware is less likely to attract the attention of security analysts and associated anti-virus and anti-malware technology.
Organisations are widely aware of fileless malware – Ovum’s ICT Enterprise Insights survey shows network security, and security and vulnerability management as the leading investment priorities for enterprises across the globe – but countering it is complex because the lack of a signature makes it hard to detect by traditional antivirus software. Although fileless malware has been around for years, it has risen in prevalence recently, with easily available toolkits to take advantage of.
Fileless malware uses frameworks and tools that are available on the targeted device. PowerShell – the Microsoft task-based command-line shell and scripting language – is often used, as are unsecured macros. Executed commands are assumed to be OK because they are executed by the machine, leaving the door open to an extended and undetected fileless malware attack over days and months.
Inadequate patch management is the cause of many malware infections, including fileless malware. Maintaining a comprehensive patch management programme for operating systems as well as installed software is essential if organisations are to protect themselves. There are no shortcuts to patch management and the activity demands formal recognition within the organisation.
Other approaches to addressing fileless malware include ensuring that non-essential capabilities are disabled on devices – despite business users’ calls for “open” devices to aid efficiency – and using behavioural detection to alert security analysts to unexpected behaviour on a device.
Read more Security Think Tank articles about dealing with fileless malware
There are many other threat protection solutions and approaches available that can operate alongside traditional anti-virus to address fileless malware. Overall, organisations should ensure they are patched in a timely manner and that layers of security are deployed so that threat actors will switch their attention to another organisation that is perhaps less secure. Don’t let that be your organisation.