Cybercriminals are increasingly turning to “fileless” attacks this year, using trusted Windows executables to breach corporate networks and attack systems, a new report claimed this week. “Fileless” attacks do not drop malware on a user’s device. Instead, they use software already present on the device or execute simple shellcode and scripts in memory, often concealed in the Windows Registry.
According to McAfee Labs (the global cyber security company), “fileless” attacks are increasing this year because they are launched through memory or reputable executables and are difficult to detect. “One fileless threat, named CactusTorch, employs the ‘DotNetToJScript’ method that executes and loads malicious .NET files straight from memory,” McAfee told the media in an interview.
“This year, we have seen swift development in the employment of CactusTorch, which can perform custom shellcode on Windows devices,” it said. Both corporate users and clients can fall prey to this threat. In corporate environments, hackers use this method to move laterally through the system.
According to McAfee’s Q2 Threat report, much fileless malware was found to use Microsoft PowerShell to launch attacks that create an in-memory backdoor into a system, up 432% over last year. “Fileless” malware takes advantage of the trust between signed, genuine Windows applications and security software.
On a related note, Moscow-based Kaspersky Labs revealed the presence of a new miner malware after its worldwide software systems raised security concerns across various customer platforms.
Dubbed “PowerGhost,” the miner is said to stealthily download itself onto a victim device and spread across corporations’ workstations and servers to use their computing resources for cryptocurrency mining. Hackers using mining tools are becoming more and more sophisticated. They use different tactics to avoid being noticed by the user.