Definition
A fileless attack is a cyberattack in which the attacker abuses legitimate software, system processes, or memory already present on the target rather than relying on a traditional malware executable written to disk.
Because no new file is dropped, file-based detection such as signature scanning has nothing to inspect, which lets the activity evade many conventional security solutions.
Fileless Attacks Examples
- PowerShell exploitation: Attackers use the Windows PowerShell scripting environment to run malicious scripts or commands directly in memory, without writing a payload to the hard drive.
- Registry manipulation: Attackers store malicious payloads or launch commands inside the Windows registry, so the attack executes without creating files on the system.
- Living off the land: Attackers repurpose legitimate system tools and processes, such as Windows Management Instrumentation (WMI), to carry out malicious actions in a way that is hard to distinguish from normal administration.
Protecting Against Fileless Attacks
- Disable or restrict PowerShell and WMI on systems that do not require them; where they are required, constrain what they can do and log how they are used.
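The following script is an added example for this page, not part of the original text or of any vendor product. It shows one concrete way to apply the advice above on a Windows host: it turns on the PowerShell logging policies so that scripts executed only in memory (the first example above) still leave a record in the event log, removes the legacy PowerShell 2.0 engine, and lists persistent WMI event subscriptions, which are a common fileless persistence point (the WMI example above). It assumes Windows PowerShell 5.1 or later running with administrator rights; the transcript directory `C:\PSTranscripts` is an assumed value you would replace with a location ordinary users cannot modify.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and harden PowerShell/WMI so fileless activity is logged.
# Assumes Windows PowerShell 5.1+, run elevated. Registry paths are the
# documented Group Policy locations for PowerShell logging.

$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Set-PolicyValue {
    param([string]$SubKey, [string]$Name, $Value, [string]$Type = 'DWord')
    $path = Join-Path $policyRoot $SubKey
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# 1. Script Block Logging: records the de-obfuscated text of every script block
#    PowerShell compiles, including blocks that only ever existed in memory
#    (event ID 4104 in Microsoft-Windows-PowerShell/Operational).
Set-PolicyValue -SubKey 'ScriptBlockLogging' -Name 'EnableScriptBlockLogging' -Value 1

# 2. Module Logging for all modules (event ID 4103): pipeline execution details.
Set-PolicyValue -SubKey 'ModuleLogging' -Name 'EnableModuleLogging' -Value 1
Set-PolicyValue -SubKey 'ModuleLogging\ModuleNames' -Name '*' -Value '*' -Type 'String'

# 3. Transcription: full session transcripts. The output directory is an
#    assumed value; use a path that non-administrators cannot write to.
Set-PolicyValue -SubKey 'Transcription' -Name 'EnableTranscripting' -Value 1
Set-PolicyValue -SubKey 'Transcription' -Name 'EnableInvocationHeader' -Value 1
Set-PolicyValue -SubKey 'Transcription' -Name 'OutputDirectory' -Value 'C:\PSTranscripts' -Type 'String'

# 4. Remove the legacy PowerShell 2.0 engine, which predates the logging
#    features above and therefore produces none of these events.
$v2 = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root
if ($v2 -and $v2.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -NoRestart | Out-Null
}

# 5. Summary of the resulting state. ConstrainedLanguage is the mode an
#    AppLocker/WDAC policy in enforce mode gives non-administrative users.
[pscustomobject]@{
    LanguageMode       = $ExecutionContext.SessionState.LanguageMode
    ScriptBlockLogging = (Get-ItemProperty "$policyRoot\ScriptBlockLogging").EnableScriptBlockLogging
    PowerShellV2       = if ($v2) { $v2.State } else { 'NotPresent' }
}

# 6. Confirm that in-memory script execution now shows up in the event log:
#    the five most recent script blocks recorded by policy (1).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'
    Id      = 4104
} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated,
        @{ n = 'ScriptBlock'; e = { $_.Message.Substring(0, [Math]::Min(120, $_.Message.Length)) } }

# 7. Inventory persistent WMI event subscriptions. These live in the WMI
#    repository rather than as files, so review any entry you cannot attribute
#    to a known product or administrative task.
Get-CimInstance -Namespace root/subscription -ClassName __EventFilter |
    Select-Object Name, Query
Get-CimInstance -Namespace root/subscription -ClassName __FilterToConsumerBinding |
    Select-Object Filter, Consumer
```

Run the script once, then deliberately execute a harmless command in a new PowerShell window (for example `Get-Date`) and re-run step 6: the text of that command should appear as a 4104 event even though nothing was saved to disk, which is exactly the visibility the protection bullet is after. Steps 1 to 3 are normally deployed through Group Policy in a domain; writing the same registry values locally, as above, is equivalent on a standalone host.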