Fighting Fileless Malware, Part 1: What Is It?

Despite multiple layers of protection, fileless malware cyberattacks remain rampant and difficult to defeat. In this, the first of The Edge's three-part series about the cyberthreat and how to fight back, you'll learn what fileless malware is and why it's so dangerous.




Even after 40 years of working to mitigate fileless attacks, the software industry is still struggling to eliminate them. By exploiting a buffer-overflow vulnerability to hijack the control flow of a running application, fileless malware is responsible for numerous zero-day attacks. Yet despite the attention that Web attacks (such as injection and cross-site scripting attacks) get in the media, fileless malware remains the most dangerous cyberthreat today, and one few people understand.


Soon they will, courtesy of this three-part series in which I'll explore the software industry's attempts at solving this problem, including how countermeasures are being circumvented and what to do about it. In this, the first installment, you'll learn what fileless malware is and why it is so dangerous.  


What Is Fileless Malware?

Fileless malware hijacks legitimate programs via stealth attacks that evade detection by most security solutions. Because it doesn't rely on files and leaves no footprint, fileless malware is challenging to identify and frustrates the most adept forensic analysis.


A fileless attack uses a carefully crafted string of instructions — known as the payload — that is Base-64 encoded in order to evade checks that prevent malformed inputs. This payload can be delivered to the target host in many ways, such as in an input field exposed on a website, in a link, in a packet ..
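
The encoding trick described above, seen from the defender's side, as an added example that is not part of the original article: a character-level input filter accepts Base64 text because it is all printable, while a check that decodes Base64-looking runs and inspects the resulting bytes flags binary content. The function names, the 24-character run length, the 0.85 printable threshold and the sample inputs are assumptions constructed for illustration.

```python
import base64
import re

# Runs of 24+ Base64-alphabet characters; the length threshold is an assumption.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

def naive_check(field: str) -> bool:
    """Weak filter: accepts any field made only of printable ASCII."""
    return all(32 <= ord(c) < 127 for c in field)

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or tab/LF/CR."""
    if not data:
        return 1.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)

def decoded_runs(field: str):
    """Yield (run, decoded bytes) for each Base64-looking run that decodes."""
    for match in B64_RUN.finditer(field):
        run = match.group(0).rstrip("=")
        padded = run + "=" * (-len(run) % 4)
        try:
            yield run, base64.b64decode(padded, validate=True)
        except ValueError:
            continue  # not valid Base64 after all

def inspect_field(field: str, min_printable: float = 0.85) -> list:
    """Return one finding per run whose decoded bytes look binary."""
    findings = []
    for run, data in decoded_runs(field):
        ratio = printable_ratio(data)
        if ratio < min_printable:
            findings.append(f"{len(run)}-char Base64 run decodes to "
                            f"{len(data)} bytes, {ratio:.0%} printable")
    return findings

# Constructed samples. BINARY is inert stand-in data, not a working payload.
BINARY = bytes(range(0x80, 0xB0))
SUSPICIOUS = "comment=" + base64.b64encode(BINARY).decode()
BENIGN_TEXT = "Please ship order 1042 to the usual address."
BENIGN_B64 = base64.b64encode(b"hello world, this is a plain text note").decode()

if __name__ == "__main__":
    for sample in (SUSPICIOUS, BENIGN_TEXT, BENIGN_B64):
        print(naive_check(sample), inspect_field(sample))
```

Hex digests and other long identifiers also fall inside the Base64 alphabet and can decode to binary-looking bytes, so a finding here is a signal for review, not a verdict.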