|[Photo source : Wikimedia Commons]|
Global cybersecurity firm McAfee Labs stated in its recent report that “fileless” attacks are growing this year. It is a kind of cyber attack that doesn't drop malware on the system of the victim so antivirus tools are more likely to miss them. Instead, these attacks use tools that are already installed on the PC or just run scripts in memory, reports Indian newspaper Hindustan Times.
The McAfee Labs explained that “fileless” attacks are usually launched through a reputable memory or on executables and are not easy to detect. It cited a fileless threat called CactusTorch that uses the “DotNetTojScript” technique, wherein it loads and executes malicious.Net assemblies straight through the memory.
Cybersecurity expert Debasish Mandal commented that said assemblies are the smallest deployment unit of an app, like the .exe or .dll.
In its statement, the cybersecurity firm also highlighted that in 2018, they have already seen a rapid growth in the use of the fileless threats that can execute the custom shellcode on the victim’s Windows systems. A shellcode is a set of instructions injected and executed by an exploited program. It is used to manipulate the functionality and registers of the exploited program so that it will function in a manner different than what was originally intended by its designer.
In McAfee's Q2 Threat report, the company likewise detailed that both corporate users and consumers can fall victim to fileless attacks. They further shared that said malware takes advantage of the trust factor between genuine Windows applications and security software.