Fileless malware - Achilles heel of traditional antivirus software
In essence, a typical antivirus product, and today's endpoint protection services, generally rely on two ways of detecting malware:
- Signature-based (code-based) detection
- Heuristic algorithms
Signature-based antivirus software has been developed over decades, since the earliest malware attacks on MS-DOS systems, and generally follows the same formula: extract a fragment of malicious code and use it as a signature to identify that malware as it spreads through a computer system. For example, MSAV, the antivirus integrated into MS-DOS 6.0, followed this formula in the same way that Defender, the antivirus Microsoft now ships with Windows, does today.
Meanwhile, the term heuristic refers to experience-based techniques for problem solving, learning or discovery that yield a solution which is not guaranteed to be optimal. Where an exhaustive search is impractical, heuristic methods speed up the search for a reasonable solution by taking shortcuts in reasoning, reducing the burden of making a decision. In information security, heuristic algorithms require the anti-malware engine to be installed deep in the Windows operating system and hooked into its functions, so that it can track the computer's operations at the most detailed level and thereby detect suspicious behavior resembling what malicious software typically does. The advantage of the heuristic approach is that it is more powerful than signature-based antivirus; the disadvantage is that it is more prone to error.
However, in today's unpredictable cyber security landscape, even with the combined power of signature and heuristic detection, security experts still have difficulty detecting a newer type of malware that can persist without using the file system of the device it infects: fileless malware. McAfee, one of the world's most reputable mainstream antivirus vendors, has repeatedly stressed how difficult it is for security experts to detect malware that, like fileless malware, exists only in memory and owns no files on the storage disk.
According to the unified definition widely recognized by leading security experts, 'fileless malware is malicious code that does not write malicious executable files to the file system. This definition includes cases where the infection starts with a malicious script or a harmless executable file on the file system, and cases where the malicious code stores its information in the registry, even though Windows still writes the contents of the registry to disk. Because fileless malware does not rely on files, it naturally leaves no trace, which makes it extremely difficult to detect and remove; more importantly, attacks of this kind are 10 times more likely to succeed in infecting computers than file-based attacks'.
The problem is that fileless malware uses the ordinary Windows API to perform its actual operations, such as deleting a file, rather than carrying that logic in an executable file of its own.
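The two detection approaches described earlier, and the reason a registry-hosted fileless payload slips past the first of them, as an added example that is not code from the original article or from any vendor product; the signature list, the heuristic rule, the file contents and the autorun values are all constructed placeholders:

```python
import re

# Constructed signature list: byte fragments of "known" malicious code (placeholder).
SIGNATURES = [b"EVIL_PAYLOAD_MARKER_7A3F"]

# Constructed heuristic rule: an autorun entry that launches a script host with
# arguments commonly used to hide or obfuscate what it runs.
SCRIPT_HOST = re.compile(r"\b(powershell|pwsh|mshta|wscript|cscript|rundll32)(\.exe)?\b", re.I)
HIDING_ARGS = re.compile(
    r"-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden|invoke-expression|\biex\b"
    r"|downloadstring|frombase64string",
    re.I,
)

def signature_scan(files):
    """Signature-based check: names of on-disk files containing a known-bad fragment."""
    return sorted(name for name, data in files.items()
                  if any(sig in data for sig in SIGNATURES))

def heuristic_autorun(run_values):
    """Behavioural check: names of autorun entries that look like a hidden script launch."""
    return sorted(name for name, cmd in run_values.items()
                  if SCRIPT_HOST.search(cmd) and HIDING_ARGS.search(cmd))

def assess(files, run_values):
    """Run both checks and report what each one would have caught."""
    return {"signature": signature_scan(files), "heuristic": heuristic_autorun(run_values)}

# Scenario A (constructed): classic file-based malware, the payload sits on disk.
FILE_BASED_FILES = {
    "notes.txt": b"meeting at 10",
    "dropper.exe": b"MZ\x90\x00" + b"EVIL_PAYLOAD_MARKER_7A3F" + b"\x00" * 8,
}

# Scenario B (constructed): fileless persistence, nothing malicious is on disk;
# the payload lives in an HKCU\...\Run value as an encoded command.
FILELESS_FILES = {"notes.txt": b"meeting at 10"}
FILELESS_RUN_VALUES = {
    "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
    "Backup": r"powershell.exe -File C:\scripts\backup.ps1",   # benign, not flagged
    "Updater": "powershell.exe -NoP -W Hidden -Enc <CONSTRUCTED_BASE64_PLACEHOLDER>",
}

if __name__ == "__main__":
    print("file-based:", assess(FILE_BASED_FILES, {}))          # signature catches dropper.exe
    print("fileless:  ", assess(FILELESS_FILES, FILELESS_RUN_VALUES))  # only the heuristic fires
```

In scenario B the signature scanner has nothing to match because no malicious file exists on disk; only the behavioural rule over the autorun values flags the entry.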
To protect computer systems against fileless malware, organizations need to adopt an approach to network security that combines and comprehensively integrates user behavior, processes and technology. More fundamentally, businesses should make sure that all their employees have been trained and understand the danger of opening attachments sent from an unfamiliar account, or even from senders they consider trustworthy. In addition, every patch issued by a vendor must be installed immediately. The things that businesses, organizations and individual users need to do can be summarized as follows:
- Conduct training to improve the knowledge of employees and users alike, so that they do not open suspicious links.
- Always update all endpoint software to the latest version.
- Use strong passwords, and combine them with multi-factor authentication.
- Deploy behavior-based detection tools that can detect threats in real time.
- Use remote browser isolation (web isolation) for all web browsers.
- Build plans to back up important data.
- Implement endpoint security measures.
If remote browser isolation is introduced and widely deployed, it adds protection even when the user is targeted by an email campaign carrying malware in general (or fileless malware in particular): JavaScript downloaded from malicious websites is isolated from the endpoint, as if it ran in a disposable container. The remote virtual browser renders the web content and transmits a harmless rendering of the page to the endpoint, while active code and scripts never reach the endpoint, so the endpoint and the internal network remain secure. This is a new hope for security researchers looking for effective measures against fileless malware. Combined with user education and awareness, a computer infected with fileless malware can quickly be removed from the shared network, which also eliminates the possibility that the infected computer is used to keep distributing malicious code to other devices on the network. End users (employees in the corporate environment) act as the "main protection shield" in this situation, so one prerequisite is that they know enough to recognize when something is wrong on their own computer. Fileless malware is considered the Achilles heel of traditional antivirus software, but that heel can also be 'armored' if we have strong enough methods and techniques!