“We see it every day,” says Steven Lentz, CSO at Samsung Research America. “Something coming through, some exploit type, unknown ransomware. We’ve stopped several things with our defenses, either network-wise or at the end point.”
The attacks that Lentz is worried about are fileless attacks, also known as zero-footprint attacks, macro, or non-malware attacks. These types of attacks don’t install new software on a user’s computer, so antivirus tools are more likely to miss them.Fileless attacks also evade whitelisting.
With whitelisting, only approved applications are allowed to be installed a machine. Fileless attacks take advantage of applications that are already installed and are on the approved list. However, the terms “fileless,” “zero-footprint,” and “non-malware” are technically misnomers since they often depend on users downloading malicious attachment files, and they do leave traces on the computer if you know what to look for.
Read this article in full at CSO magazine. Article was also reprinted in ITworld, IT News and Security Asia and CIO Asia.