Over the last few months, the latest cyber security buzzword I have been hearing is "non-malware" attacks, also known as file-less or memory-based attacks.
Not sure what it is?
In simple terms, a non-malware attack is one where the attacker uses existing software and authorized protocols to carry out malicious activities. These types of attacks are capable of gaining control of computers without needing to download any malicious files.
That being said, what does that mean to you?
A non-malware attacker is able to take control by taking advantage of vulnerable software, mostly software that you, the end user, would normally be using, such as Office or a web browser, and by using these exploits gains access to native OS tools. This grants the attacker access to your valuable data.
So why are we seeing more and more of these file-less attacks? THEY WORK!
Just think about it. A cyber attack without the use of any actual malware! Cyber-criminals are finding ways to deploy these attacks on a larger scale.
So how do you defend against something that is file-less?
Unfortunately, many current endpoint security solutions do nothing to prevent or even detect file-less attacks. Traditional AVs are designed to identify threats at a specific point in time. Since they look at the attributes of an executable, they are completely blind to these types of attacks.
That is why I always suggest and use additional layers of protection.
Layers of security that proactively protect me from malicious websites and from exploit attempts that try to bypass the native OS protection protocols, that prevent attempts at executing from memory areas of the OS, and of course application hardening, which shields my applications from exploit attempts against known and unknown vulnerabilities. Last but definitely not least, proactive protection against ransomware.
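The pattern described above, where an exploited Office application or web browser is used to reach native OS tools, leaves no new file to scan but does show up in process lineage. The following is an added example, not code from the original post, of a behavior-based check that walks process ancestry; the process-name lists, the `ProcEvent` record and the sample events are assumptions constructed for illustration.

```python
# Added example: flag native OS tools whose ancestry includes a user-facing app.
from dataclasses import dataclass

# Applications the end user normally runs (the post names Office and web browsers).
USER_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
             "chrome.exe", "msedge.exe", "firefox.exe"}
# Native OS tools such applications rarely need to start (assumed list, tune per site).
NATIVE_TOOLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}

@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str  # full path of the started executable

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_suspicious_chains(events):
    """Return (app, tool, pid) for each native tool that descends from a user app."""
    by_pid = {e.pid: e for e in events}  # assumes PIDs are unique within the window
    alerts = []
    for e in events:
        tool = basename(e.image)
        if tool not in NATIVE_TOOLS:
            continue
        # Walk up the parent chain; 'seen' guards against PID cycles in bad data.
        seen, parent = set(), by_pid.get(e.ppid)
        while parent and parent.pid not in seen:
            seen.add(parent.pid)
            app = basename(parent.image)
            if app in USER_APPS:
                alerts.append((app, tool, e.pid))
                break
            parent = by_pid.get(parent.ppid)
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe"),
    ProcEvent(200, 100, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    ProcEvent(210, 200, r"C:\Windows\System32\cmd.exe"),
    ProcEvent(220, 210, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ProcEvent(300, 100, r"C:\Windows\System32\cmd.exe"),
]
if __name__ == "__main__":
    for app, tool, pid in find_suspicious_chains(SAMPLE):
        print(f"ALERT pid={pid}: {tool} descends from {app}")
```

The command prompt started directly from the desktop shell (pid 300) is not flagged, while both tools in the chain under the Office process are, including the one that is two levels down.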