It’s worse than the enemy you can’t see—it’s the enemy you don’t even know exists, that manages to infiltrate your defenses while simultaneously not even existing.
It sounds like something out of a sci-fi movie, but it’s here and it’s real. It’s called “invisible malware” or “fileless malware.”
What is fileless malware and what does it do?
The bare-metal cloud is the arena where the battle is taking place.
This refers to cloud services where the hardware is rented from a remote service provider.
Like anything else that is rented, the hardware is passed on to different customers.
And if one of those customers is particularly malicious, they could leave some fileless malware in there as a going-away present.
Fileless malware is exactly what it sounds like—a virus that doesn’t yet exist, therefore it cannot be detected.
Instead, it uses pre-existing applications and protocols to hide within the system.
From there it sniffs out and exploits system weaknesses, allowing for an outside hack.
How to defend against invisible malware?
Strategies for planting fileless malware can range from code installed into applications to scripting language.
They can include classic maneuvers from the outside, such as waiting for an employee to click on a link or banner ad that downloads the script into the system.
Possible outcomes include more businesses installing security that prevents employees from visiting sites that aren’t necessary for work or otherwise pre-approved by the tech team.
The consequences of clicking in the wrong place are just too high.
Employees may have to rely on their phones when they want to distract themselves from work.
Other short-term approaches include stronger reminders to employees about clicking on links within emails and downloading attachments.
Employees may also be required to all use the same browser, for the sake of streamlining security.
Fileless malware now accounts for more than half of all data security breaches and the ability to combat it has become the next great frontier for cybersecurity specialists.