With the evolution of cybersecurity countermeasures, the threat landscape has also evolved, especially in malware, from traditional file-based malware to sophisticated and multifarious fileless malware. Fileless malware does not use traditional executables to carry out its activities. So it does not use the file system, thereby evading signature-based detection systems. The fileless malware attack is catastrophic for any enterprise because of its persistence and its power to evade anti-virus solutions. The malware leverages the power of the operating system's trusted tools to accomplish its malicious intent. To analyze such malware, security professionals use forensic tools to trace the attacker, whereas the attacker might use anti-forensics tools to erase their traces. This survey makes a comprehensive analysis of fileless malware and the detection techniques available in the literature. We present a process model to handle fileless malware attacks in the incident response process. In the end, the specific research gaps present in the proposed process model are identified, and the associated challenges are highlighted.

Throughout the history of malicious programs, one thing has remained unchanged: the development of the malware program. Someone had to develop the code in such a manner that no existing anti-virus (AV) software could detect its presence in the system. In 2002, the development of the malware industry changed the entire threat landscape. This malware has the capability of residing in the system's main memory undetected, making the least possible changes to the file system. This strategy has become known as non-malware or fileless malware (Patten, 2017; Kumar et al., 2019a). When a system is detected as compromised by some malicious program or malware, the very first thing a forensic expert will do is look for malicious programs or software that should not be there. However, in this case there is none, because the fileless malware does not reside in the file system; it is a running program in memory (Mansfield-Devine, 2017; Tian et al., 2019a). The attacker has been using malware for its capability to control compromised systems locally or remotely. Moreover, the operating system itself provides several capabilities to the attacker. Attackers are mostly involved in exploring vulnerabilities in legitimate software already installed on the machine, such as Flash Player, web browsers, PDF viewers and Microsoft Office, to exploit and load a script directly into main memory without even touching the local file system (Pontiroli & Martinez, 2015; Rani et al., 2019). In Windows operating systems, two of the most powerful tools and the .NET Framework are already installed, which an attacker can use to exploit the vulnerability: one is WMI (Windows Management Instrumentation) (Graeber, 2015) and the second is PowerShell.
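Because the script described above lives only in memory, a file-system scan of the host finds nothing; the check has to come from execution telemetry of the trusted tools themselves. As an added illustration (not code from the survey), the following Python scores constructed Windows telemetry lines for that in-memory execution behaviour; the log line format, the event types used, the indicator patterns and their weights are this example's own assumptions.

```python
import re

# Weighted indicators of script execution that never touches disk, i.e. the
# behaviour the survey attributes to fileless malware using PowerShell and WMI.
# Patterns and weights are this example's own heuristic, not values from the survey.
INDICATORS = {
    "encoded_command":    (r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", 2),
    "download_to_memory": (r"downloadstring|downloaddata", 2),
    "in_memory_eval":     (r"invoke-expression|\biex\b", 2),
    "reflective_load":    (r"\[reflection\.assembly\]::load|frombase64string", 2),
    "hidden_window":      (r"-w(?:indowstyle)?\s+hidden", 1),
    "wmi_persistence":    (r"__eventfilter|commandlineeventconsumer|activescripteventconsumer", 3),
}
ALERT_THRESHOLD = 3

# Assumed line layout: "<timestamp> <host> <event_id> <payload>"
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")

def parse_line(line):
    m = LOG_LINE.match(line)
    if not m:
        return None
    ts, host, event_id, payload = m.groups()
    return {"time": ts, "host": host, "event_id": int(event_id), "payload": payload}

def score_record(rec):
    """Attach the list of matched indicators and their summed weight to a record."""
    hits = [name for name, (pat, _) in INDICATORS.items()
            if re.search(pat, rec["payload"], re.IGNORECASE)]
    rec["indicators"] = hits
    rec["score"] = sum(INDICATORS[h][1] for h in hits)
    return rec

def scan_log(lines):
    """Return the records whose indicator score reaches ALERT_THRESHOLD."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec and score_record(rec)["score"] >= ALERT_THRESHOLD:
            alerts.append(rec)
    return alerts

# Constructed sample telemetry (not real captures): process creation (4688),
# PowerShell script block logging (4104) and a WMI consumer registration (5861).
SAMPLE_LOG = [
    '2024-05-01T10:02:11Z WS01 4688 CommandLine="C:\\Windows\\System32\\notepad.exe"',
    '2024-05-01T10:02:15Z WS01 4688 CommandLine="powershell.exe -NoProfile -w hidden -enc '
    + "QUFB" * 8 + '"',  # the base64 is filler, not a real payload
    '2024-05-01T10:02:16Z WS01 4104 ScriptBlockText="Invoke-Expression ($wc.DownloadString($stageUrl))"',
    '2024-05-01T10:03:40Z WS01 5861 Consumer="CommandLineEventConsumer" Filter="__EventFilter"',
]

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(a["time"], a["host"], a["event_id"], a["score"], ",".join(a["indicators"]))
```

The benign notepad launch scores zero, while the three in-memory and WMI records are the ones an incident responder following the survey's process model would need to pull from script block and WMI activity logs rather than from the file system.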