Recent Fileless Malware Attack Runs Rampant
A recent fileless malware campaign, which came to light over the weekend, infected computers in various locations. According to Engadget, the campaign targeted businesses in Europe, the Middle East, and Africa. The malware was distributed via a malicious email with a hyperlink to an “invoice” or “order number”. The link displayed as if it were a PowerPoint document. However, the user did not have to click on the link to start the script. Simply hovering over the link triggered the attack.
Protection and Prevention
“If you’re running a newer version of Microsoft Office, though, you’ll still need to approve the malware’s download before it infects your PC. That’s because the more modern versions of the suite have Protected View, which will show a prompt warning you about a ‘potential security concern’ when the script starts running. Just click Disable, and you’ll be fine. However, older versions of the suite don’t have that extra layer of security.”
Unfortunately, few security solutions block fileless attacks. However, PC Matic recently shared a new layer of protection that was added to its security software solution: fileless ransomware detection.
Fileless attacks differ from traditional malware attacks because they execute through a scripting agent. These scripting agents include PowerShell, Cscript, Wscript, etc. Typically, fileless attacks are more successful than malware distributed by files because security solutions scan for malicious files, not malicious scripts. Therefore, for most PC users, the malicious script will be allowed to execute.
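Because nothing is written to disk for a file scanner to inspect, one defensive approach is to watch which processes start the script hosts named above. The following is an added example, not code from the original article or from PC Matic. It assumes process-creation records exported as JSON lines with Sysmon-style field names (ParentImage, Image, CommandLine); the sample events, paths, and the list of Office parent processes are constructed for illustration.

```python
import json
import ntpath

# Script hosts named in the article ("PowerShell, Cscript, Wscript, etc.").
SCRIPT_HOSTS = {"powershell.exe", "cscript.exe", "wscript.exe"}
# Assumption: Office applications that should not normally start a script host.
OFFICE_PARENTS = {"powerpnt.exe", "winword.exe", "excel.exe", "outlook.exe"}

# Constructed sample events, one JSON object per line; the last one is truncated.
SAMPLE_EVENTS = r"""
{"UtcTime": "2024-01-01 09:14:02", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Office\\POWERPNT.EXE", "CommandLine": "POWERPNT.EXE invoice.ppsx"}
{"UtcTime": "2024-01-01 09:14:09", "ParentImage": "C:\\Office\\POWERPNT.EXE", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -NoProfile -Command <constructed placeholder>"}
{"UtcTime": "2024-01-01 09:20:41", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe"}
{"UtcTime": "2024-01-01 09:31:17", "ParentImage": "C:\\Office\\WINWORD.EXE", "Image": "C:\\Windows\\System32\\WScript.exe", "CommandLine": "WScript.exe <constructed placeholder>"}
{"UtcTime": "2024-01-01 09:40:00", "ParentImage": "C:\\Office\\EXC
"""

def image_name(path):
    # ntpath parses Windows paths correctly whatever OS the analysis runs on.
    return ntpath.basename(path or "").lower()

def find_script_launches(lines):
    """Return the events in which an Office process started a script host."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupt records
        if not isinstance(event, dict):
            continue
        child = image_name(event.get("Image"))
        parent = image_name(event.get("ParentImage"))
        if child in SCRIPT_HOSTS and parent in OFFICE_PARENTS:
            hits.append({
                "time": event.get("UtcTime"),
                "parent": parent,
                "child": child,
                "command_line": event.get("CommandLine", ""),
            })
    return hits

if __name__ == "__main__":
    for hit in find_script_launches(SAMPLE_EVENTS.splitlines()):
        print(hit["time"], hit["parent"], "->", hit["child"], "|", hit["command_line"])
```

The interactive PowerShell session started from explorer.exe is not flagged, since the rule keys on the parent process rather than on the script host alone.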