Fighting Fileless Malware, Part 3: Mitigations

Attackers can dodge the countermeasures you employ against fileless malware. So how do you mitigate the damage?

Last week, in part 2 of this series on fileless attacks, we discussed countermeasures — and how all those countermeasures can be circumvented. Yet, if all countermeasures can be circumvented, how does anyone begin to mitigate the impact of fileless attacks?

The most common and accepted solution is to patch as quickly as possible whenever a vulnerability is announced. When a security vulnerability is discovered, the software vendor is notified and (hopefully) takes responsible and rapid action to release a security patch. Customers then download the patch, test it, and apply it to all of their affected systems.
Even though a vendor may release a security patch within 72 hours of a vulnerability being reported, the average time from when a patch is released to when customers apply it is approximately 28 days—nearly a month. Whether the organization can't apply patches because of legacy applications or has decided to wait to patch the affected systems, that's a long time to remain totally exposed to a cyberattack. Furthermore, this approach provides absolutely no insight into whether a system was already compromised by the time the patch was applied. How can you be sure that your systems haven't already been compromised by the time you patch them?
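The gap the paragraph above describes, between a patch being released and a host actually receiving it, is exactly the window a defender needs to hunt in afterwards. The following script is an added illustration and not code from the article or its author: it takes a constructed patch inventory and a few constructed endpoint telemetry events, computes each host's exposure window (patch release date until the patch was applied, or until now for hosts still unpatched), flags hosts whose lag meets the 28-day figure quoted in the text, and lists which telemetry events fell inside that window so they can be investigated as possible pre-patch compromise. The data model, host names and event descriptions are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Hypothetical data model for this example (not from the article).
@dataclass
class PatchRecord:
    host: str
    patch_released: datetime           # date the vendor shipped the fix
    patch_applied: Optional[datetime]  # None means the host is still unpatched

@dataclass
class TelemetryEvent:
    host: str
    when: datetime
    description: str

def exposure_window(rec: PatchRecord, now: datetime):
    """Interval during which a fix existed but was not yet on this host.
    Hosts that are still unpatched remain exposed up to 'now'."""
    end = rec.patch_applied if rec.patch_applied is not None else now
    return rec.patch_released, end

def exposure_days(rec: PatchRecord, now: datetime) -> float:
    """Length of the exposure window in days."""
    start, end = exposure_window(rec, now)
    return (end - start).total_seconds() / 86400

def events_in_window(rec: PatchRecord, events: List[TelemetryEvent], now: datetime):
    """Telemetry for this host that landed inside its exposure window.
    Patching afterwards does not undo anything that happened here."""
    start, end = exposure_window(rec, now)
    return [e for e in events if e.host == rec.host and start <= e.when <= end]

def triage(records: List[PatchRecord], events: List[TelemetryEvent],
           now: datetime, lag_threshold_days: int = 28):
    """One report row per host: exposure length, whether the lag reached the
    threshold, and the event descriptions that fall inside the hunt window."""
    report = []
    for rec in records:
        days = exposure_days(rec, now)
        hits = events_in_window(rec, events, now)
        report.append({
            "host": rec.host,
            "patched": rec.patch_applied is not None,
            "exposure_days": round(days, 1),
            "over_threshold": days >= lag_threshold_days,
            "hunt_events": [e.description for e in hits],
        })
    return report

# Constructed sample inventory: one fix released on 1 March, three hosts.
RELEASED = datetime.fromisoformat("2024-03-01T00:00:00")
RECORDS = [
    PatchRecord("ws-01", RELEASED, datetime.fromisoformat("2024-03-29T00:00:00")),
    PatchRecord("ws-02", RELEASED, datetime.fromisoformat("2024-03-03T00:00:00")),
    PatchRecord("legacy-07", RELEASED, None),  # cannot be patched yet
]

# Constructed sample telemetry (the kind of process events an EDR would record).
EVENTS = [
    TelemetryEvent("ws-01", datetime.fromisoformat("2024-03-15T10:12:00"),
                   "winword.exe spawned powershell.exe with an encoded command"),
    TelemetryEvent("ws-02", datetime.fromisoformat("2024-03-10T09:00:00"),
                   "wscript.exe modified an HKCU Run key"),
    TelemetryEvent("legacy-07", datetime.fromisoformat("2024-04-02T23:40:00"),
                   "mshta.exe launched from a user Temp directory"),
]

NOW = datetime.fromisoformat("2024-04-05T00:00:00")  # fixed 'now' for reproducibility

def run_report():
    return triage(RECORDS, EVENTS, NOW)

if __name__ == "__main__":
    for row in run_report():
        print(row)
```

In the constructed data, ws-01 shows the 28-day lag from the text and has a suspicious event inside its window, ws-02 was patched within two days and its later event falls outside the window, and legacy-07 is still exposed after 35 days with an event to investigate. The point is the one the paragraph makes: the patch date alone says nothing about what happened before it, so the exposure window has to be fed back into threat hunting.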
Is there a better solution against fileless malware than patching alone? Turns out there is: Moving Target Defense (MTD).
Moving Target Defense
This concept is similar to the "shell game," dating back to anci ..