Breaking

Tuesday, February 14, 2017

The Rise of Fileless Malware: Over 100 Telecoms, Banks, Gov’t Orgs Under Attack



Researchers have issued a warning that hackers are resorting to the use of file-less malware programs to gain stealth access to the systems of organizations. This new form of attack is not only severe regarding its consequences but also represents a new threat, given its growing level of popularity. Here are details about this new form of stealth malware that you need to know.

What is File-less malware?

This is a new form of malware that manages to hide within a computer system and successfully escapes detection. Conventionally, cyber security experts could detect malware in any system because malware programs usually depend on the hard drives of computers for their operation. Thus, anti-malware programs can detect malware by scanning all the files that are on the hard drive of a device.

Source: Kaspersky Lab
However, this new form of malware does not depend on the files on the hard drive of a device for its survival. In practice, the malware hides in the kernel of RAM of a device. Usually, ordinary users do not know how to access these areas of a device. Therefore, this new form of malware can remain in a device for a long time, giving the hackers unfettered access to a device and the system to which the device is connected.

How do hackers use this new form of malware?

Researchers at Kaspersky Lab indicate that hackers have devised new techniques that they use to control this new type of malware. You should bear in mind that so far all indications are that hackers use this type of malware to launch attacks against institutions across the world. For instance, researchers at Kaspersky Lab have pointed out that hackers are using this new type of malware to attack the systems of banking institutions across the world specifically. The hackers stealthily use file-less malware to gain deeper access to the systems in use
Hackers follow these steps when using file-less malware programs to launch attacks:
1 Hackers hack the servers of their target. At this stage, the hackers use some of the most common exploits to gain unauthorized access to the servers of their target. Once the hackers can access the servers, they start looking for vulnerabilities that they can take advantage of. 
2 The hackers then infect their target computers with special malware. For the hackers to successfully infect the computers of their targets, they rely on specialized tools such as Meterpreter and PowerShell scripts. The attackers use inventive methods to successfully infect the computers of their targets with special malware programs. 
3 Once the script of the hackers has been successfully installed on the target computer, it hides in the RAM or Windows registry. The ability of the malware program to hide in the RAM or other odd places in a computer makes it very dangerous in the long run. On the one hand, it makes it impossible for security experts to detect any abnormal activity on a computer. On the contrary, it makes it possible for the malware program to collect as much information as it can from the targeted device. In practice, the script looks around for passwords and other sensitive sets of information. 
4 The malware program then starts to channel the information that it gathers in a device to the attackers. To achieve this objective, the malware uses special procedures that help it tunnel the trove of data it steals to a C2 server.
5 Once a user reboots a computer, the malware disappears from the device, making it impossible for detectors to pinpoint any abnormal behavior on the computer.

What is the effect of the malware so far?

So far, the malware has been successfully detected in more than 40 countries around the world. Researchers, using sophisticated tools have managed to pinpoint particular cases in which hackers have been using this new form of malware to gain access to the systems of enterprises.

In all cases, it appears that the modus operandi of the hackers using this type of malware does not change. The hackers repeatedly target financial institutions with the sole aim of gaining access to ATM cards and other forms of credentials that they can use to steal money from the banks.
In conclusion, this new kind of malware poses a significant danger to institutions and individuals. Hackers are increasingly using it to target enterprise systems. The fact that the malware works stealthily means that it is difficult for it to be detected and dealt with.
Source: Kaspersky Lab

No comments:

Post a Comment

loading...