A report recently released by Kaspersky Lab describes a new fileless malware being used by cyber-criminals.
The malware is used by hackers to target institutions such as banks and other global enterprises.
Current headlines report that more than a hundred enterprises worldwide have been affected by the malware.
Typical anti-malware and antivirus solutions are designed to scan hard drives for malware and, once something is detected, alert the user so that it can be removed.
This approach is proving futile against fileless malware, which is not easy to detect in the first place.
Fileless malware is particularly dangerous because it resides in a part of the computer system that everyday users rarely inspect: the system's Random Access Memory (RAM).
It does not need any files on the hard drive in order to run.
How was the fileless malware detected?
The security team of a bank, which prefers to remain anonymous, discovered suspicious files on their Microsoft domain controller that had not been there before.
The finding was brought to the attention of Kaspersky Lab, which, after a thorough forensic analysis, found that the hackers had managed to load the malware directly into memory instead of writing it to the hard disk.
The main objective of the cyber criminals, it turns out, is to compromise as many computers as possible.
This would allow them to control machines such as ATMs and siphon money out of the targeted financial institutions.
Reports from several reliable sources indicate that the fileless malware attacks have already compromised more than one hundred and forty networks around the world.
The majority of the infected networks belong to businesses in countries including the United States, France, Ecuador, Kenya, the United Kingdom, and Russia.
Kaspersky Lab reports that the hackers using the malware are targeting the banking industry, government institutions, and even the telecommunications sector.
Are there any preventive measures available?
Greg Linares, an expert in cyber security threat intelligence, notes that cybercriminals are most likely to use administrative tools such as Windows PowerShell to load the malware into targeted systems' RAM.
Kaspersky Lab experts therefore advise security personnel to closely monitor their networks for unusual traffic and, if possible, to limit or even disable the use of PowerShell.
Security analyst Avivah Litan offered some measures that companies can take to detect, and possibly prevent, fileless malware attacks:
1. Patch systems regularly to close even the most common vulnerabilities exploited by malware.
2. Prohibit or restrict the use of administrative tools that hackers are likely to use to place fileless malware in memory.
Where such tools are needed, companies could allow them on only a few endpoint computers.
3. Invest in products or services that guarantee protection against cyber-attacks, including, of course, fileless malware attacks.
Several recommended providers include Symantec, Trend Micro, and McAfee.
These are among the best known for effectively guarding computer systems against fileless malware attacks, though there are others.
4. Alternatively, firms can restrict systems so that only applications specifically approved by the organization are allowed to run.
This limits the chances of malware infiltrating the organization's systems, and the small set of permitted applications is easy to monitor.
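As an added example that is not part of the original report, the following Python script illustrates the kind of monitoring the PowerShell advice and the second measure above call for: it scores PowerShell script-block log entries for hallmarks of in-memory loading (encoded commands, hidden windows, download-and-execute, reflective assembly loading) and decodes any -EncodedCommand payload so that indicators hidden behind encoding still count. The log line format, indicator weights, threshold and sample events are all constructed for this example.

```python
import base64
import re

# Indicators for PowerShell script-block log text (Windows Event ID 4104); weights are constructed.
INDICATORS = [
    ("encoded_command", re.compile(r"(?<![\w-])-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I), 3),
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    ("no_profile", re.compile(r"-no(?:p|profile)\b", re.I), 1),
    ("download_to_memory", re.compile(r"DownloadString|DownloadData|Invoke-WebRequest", re.I), 3),
    ("invoke_expression", re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I), 2),
    ("reflective_load", re.compile(r"Reflection\.Assembly\]::Load|FromBase64String", re.I), 3),
]
ALERT_THRESHOLD = 5
EVENT_RX = re.compile(r"EventID=(\d+)\s+Host=(\S+)\s+ScriptBlockText=(.*)$")

def decode_encoded_command(text):
    """Decode a -EncodedCommand payload (base64 of UTF-16LE); '' if absent or invalid."""
    m = INDICATORS[0][1].search(text)  # the encoded_command pattern captures the base64 blob
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="ignore")
    except ValueError:
        return ""

def score_script_block(text):
    """Return (score, hit names); the decoded -enc payload is scanned as well."""
    corpus = text + "\n" + decode_encoded_command(text)
    hits = [name for name, rx, _ in INDICATORS if rx.search(corpus)]
    return sum(w for name, _, w in INDICATORS if name in hits), hits

def triage(lines):
    """Parse constructed 'key=value' log lines; return alerts at or above the threshold."""
    alerts = []
    for line in lines:
        m = EVENT_RX.search(line)
        if not m or m.group(1) != "4104":
            continue
        score, hits = score_script_block(m.group(3))
        if score >= ALERT_THRESHOLD:
            alerts.append({"host": m.group(2), "score": score, "hits": hits})
    return alerts

# Constructed sample events in a simplified form, not real Windows event text.
ENC = base64.b64encode("IEX $payload".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    "EventID=4104 Host=DC01 ScriptBlockText=Get-ChildItem C:\\Users | Measure-Object",
    f"EventID=4104 Host=DC01 ScriptBlockText=powershell -nop -w hidden -enc {ENC}",
    "EventID=4104 Host=WS17 ScriptBlockText=[System.Reflection.Assembly]::Load([Convert]::FromBase64String($b)); IEX $c",
]
```

Running `triage(SAMPLE_EVENTS)` flags the second and third events and leaves the routine directory listing alone; in a real deployment the parser would read Event ID 4104 records from the PowerShell operational log instead of the constructed lines.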
In conclusion, the recently surfaced malware is an online weapon used by hackers to attack financial institutions and other enterprises.
This malware is very difficult to detect, as it establishes itself in seldom-inspected parts of the computer system, such as its RAM.
As hackers and cyber criminals keep evolving their techniques, cyber security personnel also need to step up their game to keep pace with these rogues.