Fileless malware - Achilles heel of traditional antivirus software

By the definition that is widely agreed on by industry-leading security experts, fileless malware is malicious code that does not write malicious executable files to the file system.

Basically, a typical anti-virus product or endpoint protection service today detects malware in one of two ways:

  1. Signature-based detection
  2. Heuristic algorithms

Signature-based anti-virus software has been developed over decades, since the earliest malware attacks on MS-DOS systems, but it still follows the same basic formula: a fragment of known malicious code (a signature) is used to identify malware spreading in a computer system. For example, MSAV, the anti-virus program bundled with MS-DOS 6.0, followed this formula in the same way that Defender, Microsoft's current anti-virus program for Windows, still does today.

Heuristic, meanwhile, refers to experience-based techniques for problem solving, learning or discovery that provide a solution which is not guaranteed to be optimal. Where an exhaustive search is impractical, heuristic methods speed up the search for a reasonable solution through mental shortcuts that reduce the effort of making a decision. In information security, heuristic detection requires an anti-malware engine that is installed deep inside the Windows operating system and hooked into its functions, so that it can monitor computer activity at the most detailed level and detect suspicious behaviour resembling what malicious software typically does. The advantage of the heuristic approach is that it is more powerful than signature-based anti-virus; the disadvantage is that it is more prone to error.

However, in today's unpredictable cyber security landscape, even the combined power of signature and heuristic detection leaves security experts struggling to detect a new class of malware that can persist without using the file system on the device: fileless malware. McAfee, one of the world's most reputable mainstream anti-virus vendors, has repeatedly stressed how difficult it is for security experts to detect malware that, like fileless malware, exists only in memory and owns no files on the storage disk.

By the definition widely agreed on by leading security experts, 'fileless malware is the type of malicious code that does not write malicious executable files to the file system. This definition includes the case where the infection starts with a malicious script or a harmless executable file on the file system, as well as the case where the malicious code stores its information in the registry, even though Windows still writes the registry's contents to disk. Because fileless malware does not rely on files, it naturally leaves no trace, making it extremely difficult to detect and remove; more importantly, attacks like this are 10 times more likely to succeed in infecting computers than file-based attacks'.

The problem is that fileless malware uses the ordinary Windows API to carry out its actual operations, such as deleting a file, rather than shipping that functionality in a program of its own.
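The contrast between the two detection approaches described above, written as an added illustration (not code from the article or from any vendor): a signature scan hashes files on disk, so it has nothing to hash when an infection lives in memory and the registry, while behavioural rules over process and registry telemetry still fire. The telemetry schema, process names and sample events are constructed for the example.

```python
import hashlib
import re

# Constructed sample data (not real telemetry). Signature scanning works only on
# the file-based sample; the fileless sample leaves nothing on disk to hash.
FILE_BASED_SAMPLE = b"constructed file-based sample"
FILES_ON_DISK = {r"C:\Users\alice\Downloads\invoice.exe": FILE_BASED_SAMPLE}
KNOWN_BAD = {hashlib.sha256(FILE_BASED_SAMPLE).hexdigest()}

# Constructed endpoint events for a fileless infection (hypothetical schema):
# a document application starts a script host, then persistence is written to
# a registry Run key that points at a script host instead of an executable.
FILELESS_EVENTS = [
    {"type": "ProcessCreate", "parent": "WINWORD.EXE", "image": "powershell.exe"},
    {"type": "RegistrySet",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"wscript.exe C:\ProgramData\update.vbs"},
]
BENIGN_EVENTS = [
    {"type": "ProcessCreate", "parent": "explorer.exe", "image": "notepad.exe"},
    {"type": "RegistrySet", "key": r"HKCU\Software\Contoso\Settings", "data": "1"},
]

SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(\\|$)", re.IGNORECASE)


def signature_scan(files, known_bad_sha256):
    """Signature approach: hash each file on disk and flag known-bad hashes."""
    return {path for path, data in files.items()
            if hashlib.sha256(data).hexdigest() in known_bad_sha256}


def heuristic_scan(events):
    """Behavioural approach: rules over process and registry activity, so a
    sample that never touches the file system can still be flagged."""
    hits = []
    for ev in events:
        parent = ev.get("parent", "").lower()
        image = ev.get("image", "").lower()
        data = ev.get("data", "").lower()
        if ev["type"] == "ProcessCreate" and parent in DOCUMENT_APPS and image in SCRIPT_HOSTS:
            hits.append(("script-host-from-document", ev))
        elif ev["type"] == "RegistrySet" and RUN_KEY.search(ev.get("key", "")) \
                and any(host in data for host in SCRIPT_HOSTS):
            hits.append(("run-key-script-persistence", ev))
    return hits
```

Running `signature_scan({}, KNOWN_BAD)` for the fileless case returns nothing, whereas `heuristic_scan(FILELESS_EVENTS)` flags both events; the benign events trigger neither rule.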

To protect computer systems against fileless malware, organizations need to adopt an approach to network security that combines and comprehensively integrates user behaviour, processes and technology. More fundamentally, businesses should make sure that all of their employees have been trained and understand the danger of opening attachments sent from an unfamiliar account, or even from senders they believe to be reliable. In addition, every patch issued by a vendor must be installed immediately. The measures that businesses, organizations and individual users need to take can be summarized as follows:

  1. Conduct training to raise awareness among employees and users so that they do not open suspicious links.
  2. Always update all endpoint software to the latest version.
  3. Use strong passwords, combined with multi-factor authentication.
  4. Deploy behaviour-based detection tools that can detect threats in real time.
  5. Use remote browser isolation (web isolation) for all web browsers.
  6. Build a plan to back up important data.
  7. Implement endpoint security measures.

If remote browser isolation is introduced and widely deployed, it adds a layer of protection even when a user is targeted by an email campaign carrying malware in general, or fileless malware in particular: JavaScript downloaded from malicious websites is isolated from the endpoint as if it ran in a disposable container. The remote virtual browser renders the web content and transmits only a harmless rendering of the page to the endpoint. Since active code and scripts never reach the endpoint, the endpoint and the internal network remain secure, and this is a new hope for security researchers looking for effective measures against fileless malware. Combined with user education and awareness, a computer infected with fileless malware will quickly be removed from the shared network, which also eliminates the possibility of the infected computer being used to distribute malicious code to other devices in the network. End users (employees in a corporate environment) act as the 'main protective shield' in this situation, so one prerequisite is that they have enough insight to tell when something is wrong on their own computer. Fileless malware is considered the Achilles heel of traditional anti-virus software, but that heel can also be 'armoured' if we have strong enough methods and techniques!