Cyber Attacks Using ‘Fileless’ Mode Rapidly Increasing During 2018: Mcafee

According to McAfee Labs, cyber-criminals have been found executing more and more of "fileless" attacks during the current year as they make use of trustworthy Windows executables for penetrating computers and hacking large business networks. In fileless attacks, no malicious program is installed on victim's computer rather tools are used which are already there on the PC alternatively shellcode and simple scripts are run inside memory that frequently remain concealed within Windows Registry. Since the described assault is carried out via reputable, trustworthy executables, detection of the assault is difficult, states the Internet security solutions company.

The fast increase in fileless attacks during 2018 has raised concern everywhere, McAfee Labs the worldwide cyber-security company says. As different from conventional assaults in which hackers get hold over computers by dropping malware strains, the latest assaults don't install any computer program onto the victim's system.

The threat is capable of victimizing both corporate and individual end-users. While attacking corporate networks, the process involves lateral movement across the network. According to the Q2 Threat Report of McAfee, it became evident that numerous fileless campaigns made use of Microsoft PowerShell for carrying out the assaults within memory for opening one backdoor into the machines, with such campaigns increasing 432% in 2017. Fileless attacks capitalize on the trust that is there between anti-malware programs as well as authentic, approved Windows applications. Timesnownews.com posted this on the Web dated July 29, 2018.

'CactusTorch,' a particularly circulating fileless threat employs the 'DotNetToJScript' method that implants malevolent .NET assemblies directly out of memory and runs them on the target host, according to Debasish Mandal a cyber security specialist.

Mr. Mandal elaborates that the said assemblies represent an application's minimal deployment unit such as an .exe else .dll. There is no writing by the malware of any portion belonging to the malevolent .NET assembly onto the hard drive of any PC. As a result, conventional file scanners are incapable of spotting the intrusions. CactusTorch's utilization has come about rapidly in 2018. The threat is capable of running customized shellcode on computers having Windows operating system, Mr. Mandal further explains.

» SPAMfighter News - 8/6/2018