Need help? Chat now!

Hostwinds Blog

Search results for:

Fileless, Non-Malware Attacks not New… But Increasing Featured Image

Fileless, Non-Malware Attacks not New… But Increasing

by: Hostwinds Team  /  May 27, 2017

Your traditional means of preventing and detecting cybersecurity attacks may not be enough with the rise of non-malware, fileless attacks. Hackers are turning to these types of attacks because they're harder to defend against. And unfortunately, most researchers agree that these attacks pose more of a threat to businesses.

The increase in these attacks was recently highlighted by Carbon Black's research that included interviewing more than 400 security researchers. Over 60% of those interviewed said that they've witnessed an increase in non-malware attacks since last year (we're not even half way through the year). And they have their doubts whether the traditional anti-virus software you rely on would be enough to catch them. So this is just another reason you want to make sure you always have full backups in place to make recovering from any breach easier.

Yes, it seems that 2017 may very well be the year of non-malware, fileless cyber-attacks. Just as last year was deemed by many as the year of ransomware and 2015 the year of attacks on healthcare.

Just what is a non-malware attack?

Non-malware attacks are also sometimes called memory-based attacks or fileless attacks. That's because the attacker doesn't even have to get you to download or install some sort of malicious file. Therefore, in most cases your normal AV simply doesn't have anything to spot – there aren't any red flags. The attacks use applications, software and other protocols that are already present and allowed to run. They identify and gain access to something already being used regularly (like the browser used or MS Office apps).

They find an exploit that gives them permissions, privileges and the ability to carry out commands within things like WMI (Windows Management Instrumentation), Javascript or PowerShell. And if you're familiar with these, then you know just how much they're able to do once they're in.

In February, Kaspersky Lab discovered that 140 organizations all around the world had fallen victim to fileless attacks after a bank found malware hiding the memory of a domain controller. In this case, system admin credentials were being gathered so the attacker(s) could get even further into the system with the goal of being able to withdraw funds from ATMs.

The organizations targeted included those located in 40 different countries, including the US, UK, France and Kenya.

If you'd like to see some examples of non-malware attacks, Morphisec has several examples of new fileless frameworks they discovered.

How to protect yourself from fileless cyber-attacks

While no one has a definitive solution to protect against non-malware attacks 100% of the time, there are some things you can do to be proactive about it.

Keep everything up to date

That includes your operating system, any software you use, your system. Everything. Updates often contain fixes for security vulnerabilities that have been discovered. And attackers know about those vulnerabilities. So they look for those systems with those vulnerabilities and you don't want to be one of them. Don't put off installing new updates when they become available because you don't "have time" or it might "make everything run slower" or take up "more space".

Antivirus – You also want to make sure your anti-virus is up to date. Yes, there are new sophisticated attacks that even the best AV might not detect. But it's still important to have, as there are still many known threats that they should be able to protect against. Hopefully with the recent attention that non-malware attacks is getting, security firms and AV companies will adapt and develop protection against them.

Microsoft Office – Keep Office up to date so you always have the latest safeguards in place. Many micro-malware attacks will come in the form of a .doc file.

Disable or at least limit the use of macros

It's doubtful that everyone in your organization needs to run macros on a daily basis. Set groups and permissions so only those who truly need to do so are given that ability.

Regular backups (both on and offline)

This isn't going to prevent an attack on your business or organization. But if you're regularly taking backups it'll help you get up and running faster and smoother if something does happen. Many attacks can quickly spread through your server or network, so make sure you also have backups that are store offline.

Team training

Regularly train employees about security and especially how to (and how not to) handle email. Also emphasize that they shouldn't run macros, as there's a good chance they have no idea that it could lead to security problems.


The use of fileless, non-malware attacks will likely continue to rise. Your best bet is to be proactive and stay up to date with what's happening. Use the above tips. Contact your AV or security provider to ask them specifically about these types of attacks. What are they doing and how are their services protecting you?

Do you have any other tips? Have you ever dealt with this type of attack? If so, we'd love to hear your experience and what you did to prevent it from happening again and/or how you recovered. Just leave a comment below!

Written by Hostwinds Team  /  May 27, 2017