What is a fileless attack? How hackers invade systems without installing software

Maria Korolov | Sept. 22, 2017
Cyber criminals don't need to place malware on your system to get in. Fileless or zero-footprint attacks use legitimate applications or even the operating system.

"If you can max out a huge multi-way CPU, it's so much better than someone's laptop," he says. Sprickerhoff recommends that companies look for unusual CPU usage as a possible indicator that Bitcoin mining is going on.

Even behavioral analytics systems won't be able to detect all fileless attacks, says Rapid7's Beardsley. "You depend on noticing when unusual events start happening, like my user account gets compromised and I start connecting to a bunch of machines I haven't been communicating with before," he says.

It's hard to catch these attacks before they trigger the alerts, or if they do something that the behavioral algorithms don't watch out for. "If the adversary is putting in a lot of effort in being low and slow, it's much harder to detect [the attack]," he says. "With the things we see, that could be selection bias — we only see the clumsy ones because that's the ones that are easiest to see. If you're super-stealthy, I'm not going to see it."
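The "connecting to machines I haven't been communicating with before" signal, and why a low-and-slow pattern stays under it, as an added example that is not from the article or from any vendor's product. The event tuples, account and host names, window and threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def t(hour, minute=0):
    # Constructed timestamps on one sample day.
    return datetime(2017, 9, 22, hour, minute)

# Constructed history: (account, host) pairs seen during a baseline period.
BASELINE = [("alice", "fs01"), ("alice", "mail01"), ("bob", "fs01")]

# Constructed events for the day under review: (timestamp, account, host).
TODAY = [
    (t(8), "alice", "db01"),      # alice: one new host every three hours
    (t(9), "alice", "fs01"),      # known host, ignored
    (t(10, 0), "bob", "db01"),    # bob: three new hosts in seven minutes
    (t(10, 3), "bob", "db02"),
    (t(10, 7), "bob", "hr01"),
    (t(11), "alice", "hr01"),
    (t(14), "alice", "pay01"),
]

def build_baseline(pairs):
    known = defaultdict(set)
    for account, host in pairs:
        known[account].add(host)
    return known

def new_host_alerts(baseline, events, window=timedelta(hours=1), threshold=3):
    """Alert when an account reaches `threshold` never-seen hosts within `window`."""
    seen = {acct: set(hosts) for acct, hosts in baseline.items()}  # copy
    recent = defaultdict(list)  # account -> [(ts, host)] first contacts
    alerts = []
    for ts, account, host in sorted(events):
        known = seen.setdefault(account, set())
        if host in known:
            continue
        known.add(host)
        # Keep only first contacts still inside the sliding window.
        recent[account] = [(x, h) for x, h in recent[account] if ts - x <= window]
        recent[account].append((ts, host))
        if len(recent[account]) >= threshold:
            alerts.append((ts, account, sorted(h for _, h in recent[account])))
            recent[account] = []  # reset so one burst raises one alert
    return alerts

if __name__ == "__main__":
    base = build_baseline(BASELINE)
    print(new_host_alerts(base, TODAY))                            # burst only
    print(new_host_alerts(base, TODAY, window=timedelta(hours=8)))  # also the slow account
```

With the one-hour window only the burst from `bob` alerts; the same three first contacts spread over six hours by `alice` are reported only once the window is widened to eight hours.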

 
