Fileless Attacks: The Most Dangerous Cyber Threat to Enterprises

Posted by Rob Schnetzer on Thu, Mar, 26, 2020 @ 15:03 PM

A potent new form of cyberattack...

For years, traditional cyber attacks have relied on vectors like phishing emails, social engineering schemes and malware-laden attachments. All of these rely on some form of interaction with a computer in an attempt to install a malicious program on a victim’s machine.

But in the past few years, there has been an increase in the use of a technique called “fileless attacks.” In 2018 fileless attacks accounted for 40% of all reported cyberattacks, and in 2019 those numbers rose to 51%. It appears that this new strain of malware will be the de facto cyberthreat with which most admins will have to contend in 2020. 

Note: You’ll hear it referred to as a fileless attack or a malware free attack; the latter isn’t completely accurate, so we’ll stick with the term fileless attack.

How it Works

The idea of a fileless attack is fairly simple on the surface. Most of the time the attack involves breaching a system with stolen credentials. But that’s the end result of a long campaign to access said credentials and ultimately penetrate the target network. When these attacks first surfaced, the bad actors were normally found to be nation-state or hacktivist entities. They usually focused on corporate networks, as those tend to be the most profitable targets with the most valuable information to steal.

As of the moment the telecommunications industry has suffered the most direct damage from fileless attacks. CrowdStrike (a company that investigates trends in cybercrime) found that 66 percent of attacks on telecom companies were using either stolen credentials or exploits in unpatched hardware. The remaining portion of the attacks tell the other side of the story. They use a type of malware that doesn’t actually install a file on the hard drive of the target system itself. Referred to as a memory resident malware, it instead stays active in the RAM of the computer and embeds itself into a machine like a tick. As long as the computer is turned on, the malicious program can live indefinitely in the machine's short-term memory. While on the computer, this form of fileless attack steals credentials and snoops on user activity, enabling it to provide the logon information required to breach the network at a later date.

There are exploit kits that employ various versions of fileless hacking programs, making the task streamlined and easier to execute. This explains the uptick in this form of hacking, as well as the anticipated growth in this type of cybercrime.

How to protect against fileless attacks:

#1 Keep (IoT) and legacy devices on a separate network

Many fileless attacks use unpatched or known and zero day vulnerabilities on these devices. Keeping them segregated from your more important networks can help mitigate any damage from a hacking attempt.

#2 Monitor logins

Keep an eye on login activity that looks suspicious, and if so then immediately follow up. The average detection of a compromised network is almost 90 days. This gives plenty of time for bad actors to silently access your network.

#3 Practice the principle of least privilege.

If you are unfamiliar with this important concept, follow the link to the explanation from our CTO Jim Lancaster. In a nutshell, the principle of least privilege means only giving your employees access to the files and permissions they need to do their job. This can also mitigate the damage a hacker can do within your network.

#4 Train your employees

Train your team to identify and avoid cyberthreats. Foster an environment of empowerment and open communication. Most of the time malware attacks go unnoticed by management until after the fact, so having many pairs of cautious eyes on your network provides an extra layer of human protection.

#5 Update frequently

Many cyberattacks succeed by taking advantage of unpatched software vulnerabilities. Many of the largest breaches in the past ten years start with someone gaining access to equipment via an unpatched exploit. Always keep your devices up to date.

If you’d like to find out more about how you can secure your systems and train your employees to watch out for phishing scams, email us You can also reach out with general inquiries via our Contact Us page.


For further reading follow these links:

CSOOnline: What is a Fileless Attack

ZDNet: Malware Free Attacks Now Most Popular Tactic Amongst Cybercriminals

Infosecurity Magazine: Malware Free Attacks

ArsTechnica: Malware Free Attacks Mount in Big Breaches CrowdStrike Finds

Topics: Cybersecurity, Patches and Updates, Internet of Things, Technology