01 February 2019

This is how hackers can invade your system without installing malware

Written by Ankita Ashesh

Even those with a passive interest in cybersecurity have a fair idea of how hackers can take control of a system. This is mostly done through malware – unsuspecting users somehow download or access a malicious file or script. This script opens holes in the system that give hackers access.

In this sequence of events, a good cybersecurity solution will step in right at the beginning. It will detect the malicious file and prevent the user from accessing it or, if it has already been downloaded, quarantine it so that it cannot access other files.

Invisible danger

However, cybercriminals are getting craftier by the day and have moved on to different avenues for hacking systems. A new technique that has been developed recently is gaining access to systems through fileless malware.

But what is fileless malware? As explained by Seqrite in an earlier article, fileless malware refers to a cyberattack where no ‘files’ are involved. In other words, unlike the scenario described above, fileless malware does not place an executable file on the disk. It instead operates in the computer’s internal memory, i.e. RAM. This means traditional antivirus software will have a hard time detecting a fileless malware infection because there is no ‘malicious file’ to detect. By using fileless malware, attackers can hide their presence in your computer and cause all sorts of damage (steal information, download additional malware, gain access to higher privileges, etc.) without raising an alarm.

The modus operandi

How does fileless malware operate? Quick Heal Security Labs has analysed several cases of fileless malware, which can be found in detail here and here. These attacks use some distinctive techniques: malicious script files such as JavaScript, HTA, VBA and PowerShell are used for in-memory or non-malware attacks. In one analysis, it was observed that an attacker used an XML script with a Windows Script Component (WSC) to deliver a malicious payload, which had the ability to easily modify obfuscation. A small XML script with a set of instructions was used to download another script file from compromised websites.

In another case, it was observed that fileless malware, also known as PowerShell malware, used PowerShell to load Base64-encoded shell scripts stored in the Windows registry, leading to a click-fraud malware campaign.

Why choose Seqrite?

To protect against these kinds of fileless malware, it is advisable to use solutions like Seqrite. Seqrite Endpoint Security Enterprise and Quick Heal Total Security received a BEST+++ Certificate from AVLab, an independent organization that conducts tests on security software for corporate networks and individual user devices, on the Fileless Malware Protection Test.

These certificates demonstrate and recognize Quick Heal’s prowess in preventing fileless malware attacks. Quick Heal’s advanced Behavior Based Detection system (BDS) monitors applications such as PowerShell, Office applications and rundll32.exe, which are widely used for fileless activity. The BDS modules also check for suspicious command-line parameters of critical applications, which helps to stop fileless attacks at the initial stages. BDS successfully blocks some advanced and sophisticated attacker techniques such as cross-process injection, process hollowing and reflective DLL injection. An effective way to find fileless malware is scanning process memory for malicious code; Quick Heal’s memory scanner continuously checks process memory for such bad code and takes appropriate action on it.

Other steps that end users can take to prevent these kinds of attacks are:
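As an added example (not Quick Heal's BDS logic and not code from the original article), the sketch below scores process-creation records for the command-line traits described above: PowerShell launched by an Office application with abbreviated `-NoProfile`, `-WindowStyle Hidden` and `-EncodedCommand` parameters, and a Base64 payload that decodes to registry access. The sample records, weights and indicator strings are constructed assumptions.

```python
import base64
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Strings looked for in a decoded command; an illustrative list, not a vendor rule set.
DECODED_INDICATORS = ("hkcu:", "hklm:", "frombase64string", "invoke-expression", "iex ")

def is_flag(token, full_name):  # PowerShell accepts unambiguous parameter-name prefixes
    name = token.lstrip("-/").lower()
    return token[0] in "-/" and bool(name) and full_name.startswith(name)

def decode_encoded_command(b64):
    """-EncodedCommand carries Base64 of UTF-16LE text; None if it does not decode."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def score_event(parent, cmdline):
    """Score one process-creation record; the weights are assumptions for this example."""
    tokens = cmdline.split()
    image = tokens[0].lower().rsplit("\\", 1)[-1] if tokens else ""
    if image not in ("powershell.exe", "pwsh.exe"):
        return 0, []
    score, reasons = 0, []
    if parent.lower() in OFFICE_PARENTS:
        score, reasons = score + 2, reasons + ["spawned by an Office application"]
    for tok, nxt in zip(tokens[1:], tokens[2:] + [""]):
        if is_flag(tok, "noprofile"):
            score, reasons = score + 1, reasons + ["-NoProfile"]
        elif is_flag(tok, "windowstyle") and nxt.lower() == "hidden":
            score, reasons = score + 2, reasons + ["hidden window"]
        elif is_flag(tok, "encodedcommand") and nxt:
            score, reasons = score + 2, reasons + ["Base64-encoded command"]
            decoded = (decode_encoded_command(nxt) or "").lower()
            hits = [s.strip() for s in DECODED_INDICATORS if s in decoded]
            if hits:
                score, reasons = score + 3, reasons + ["decoded text contains " + ", ".join(hits)]
    return score, reasons

def encode(text):  # builds the constructed -EncodedCommand values used below
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")

# Constructed process-creation records (parent image, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("explorer.exe", r"powershell.exe -File C:\Scripts\backup.ps1"),
    ("explorer.exe", "powershell.exe -enc " + encode("Get-Date")),
    ("winword.exe", "powershell.exe -NoP -W Hidden -enc "
     + encode(r"IEX (Get-ItemProperty 'HKCU:\Software\ExampleKey').ExampleValue")),
]
for parent, cmd in SAMPLE_EVENTS:
    print(score_event(parent, cmd), "<-", parent)
```

Encoding alone scores low here; the score rises only when the decoded text and the launch context also look wrong, which keeps legitimate administrative use of `-EncodedCommand` from drowning out the registry-loader pattern.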

  • Use of a security solution that puts layers of defense between your computer and malware threats. Keep the software up-to-date.
  • Keep your Operating system and other software such as Adobe, Java, Internet browsers, etc., up-to-date.
  • Avoid websites that throw unnecessary or lots of advertisements.
  • Install software only from genuine and trusted sources.
  • Do not click on links or download attachments received in unknown, unwanted or unexpected emails.
  • Always keep a secure backup of your important data.

As an IT security partner for your business, Seqrite provides comprehensive security from advanced cyber threats. To know more
