Fileless malware, or non-malware, is the next big thing as far as cyber attacks go. You don’t have to accidentally download anything, and it doesn’t leave a trace! Is the internet doomed? Read on to find out!
Remember this week’s report on the MoneyTaker attack? They used fileless malware in their attack, otherwise known as a non-malware attack. These types of attacks are on the rise. Why? Because they work. Here’s how, according to Carbon Black:
Non-malware attacks leverage a robust suite of tactics and techniques to penetrate systems and steal data without using malware at all. They have grown in prevalence in recent years as attackers have developed ways to launch these attacks at large scale.
Let’s take a look at an example attack:
- A user visits a website using Firefox, perhaps driven there by a cleverly disguised spam message.
- On this page, Flash is loaded. Flash is a common attack vector due to its seemingly never-ending set of vulnerabilities.
- Flash invokes PowerShell, an OS tool that exists on every Windows machine, and feeds it instructions through the command line — all operating in memory.
- PowerShell connects to a stealth command and control server, where it downloads a malicious PowerShell script that finds sensitive data and sends it to the attacker. This attack never downloads any malware.
Pretty serious, right? The graphic above displays the path of the file, and how non-malware might attack your computer. What does this mean? Stop using Flash? Delete Firefox? Quit using PowerShell, or WMI? Stop looking at cat memes on the internet? I guess you can choose to do any of those things, but it might not do you any good, since the internet is the number 1 way people conduct business, and your computer might not function if you do.
Can It Be Stopped?
So you can’t stop using the internet or your computer, but you also can’t afford to let non-malware run rampant. What do you do? How can you defend against malware that isn’t malware? How can you prevent a virus if there isn’t one? Current endpoint security solutions cannot prevent non-malware attacks because they identify risk by applying machine learning to files, and these attacks never download a malicious file to analyze.
Is there any hope for us internet users, or are we destined for ruin and chaos thanks to unstoppable non-malware attacks? Thankfully, there is hope. A new security technology called “streaming prevention” is a fundamentally new way to assess risk and prevent an attack. Unlike traditional machine learning, which analyzes the endpoints and individual events, streaming prevention monitors the relationships between these events.
As it figures out why each event and endpoint is interacting with another, it can decipher the reasons behind the events. If they are malicious, it shuts them down. You can’t disallow the use of Flash or PowerShell for everything, but if they are both used in a certain sequence, streaming prevention can detect it and stop the non-malware attack. Your computer has officially been saved. Resume looking at cat memes.
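The correlation idea described above, as an added example (not Carbon Black's code or product logic): PowerShell is flagged only when it descends from a browser or plugin process and then opens a network connection. The event fields, process names, PIDs and addresses are constructed for illustration, and PID reuse is assumed not to occur.

```python
# Constructed process-creation and network events (not real telemetry).
EVENTS = [
    {"type": "proc", "pid": 100, "ppid": 1,   "image": "explorer.exe"},
    {"type": "proc", "pid": 210, "ppid": 100, "image": "firefox.exe"},
    {"type": "net",  "pid": 210, "dest": "192.0.2.10:443"},        # normal browsing
    {"type": "proc", "pid": 320, "ppid": 210, "image": "plugin-container.exe"},
    {"type": "proc", "pid": 430, "ppid": 320, "image": "powershell.exe"},
    {"type": "net",  "pid": 430, "dest": "203.0.113.7:443"},       # the suspicious step
    # Benign control: an administrator starts PowerShell from the desktop shell.
    {"type": "proc", "pid": 540, "ppid": 100, "image": "powershell.exe"},
    {"type": "net",  "pid": 540, "dest": "198.51.100.9:443"},
]

BROWSER_CONTENT = {"firefox.exe", "plugin-container.exe"}  # processes that render web content
SCRIPT_HOSTS = {"powershell.exe"}                          # OS tools that run scripts


def ancestry(pid, procs):
    """Return image names from pid up to the oldest known ancestor."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:   # 'seen' guards against ppid loops
        seen.add(pid)
        chain.append(procs[pid]["image"].lower())
        pid = procs[pid]["ppid"]
    return chain


def correlate(events):
    """Alert when a script host spawned under web content makes a connection."""
    procs, suspect, alerts = {}, {}, []
    for ev in events:
        if ev["type"] == "proc":
            procs[ev["pid"]] = ev
            chain = ancestry(ev["pid"], procs)
            # Stage 1: a script host whose ancestors include a browser or plugin.
            if chain[0] in SCRIPT_HOSTS and BROWSER_CONTENT & set(chain[1:]):
                suspect[ev["pid"]] = chain
        elif ev["type"] == "net" and ev["pid"] in suspect:
            # Stage 2: that same process now talks to the network.
            alerts.append({"pid": ev["pid"], "dest": ev["dest"],
                           "chain": " <- ".join(suspect[ev["pid"]])})
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Neither PowerShell running nor an outbound connection is flagged on its own; only the sequence produces an alert, which is why the administrator's PowerShell session and the browser's own traffic pass through.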