A fileless attack (also called a “memory-based” or “living-off-the-land” attack) is one in which an attacker uses software already present on the system, allowed applications and authorized protocols to carry out malicious activity. More and more attackers are moving away from traditional malware; in fact, 60% of today’s attacks involve fileless techniques.
These attacks can gain control of a computer without using a traditional executable file as the first stage. With a fileless attack, an attacker infiltrates, takes control and carries out objectives by exploiting vulnerable software that a typical end user relies on day to day (think web browsers or Office-suite applications). The attacker then uses the successful exploit to reach native operating-system tools (such as PowerShell and Windows Management Instrumentation, WMI) or other applications that grant a degree of execution freedom. These native tools give their users broad access and privileges to run basic commands across a network, commands that lead to valuable data.
Fileless attacks are so prominent because traditional AV and machine-learning AV cannot prevent (or even detect) non-malware attacks, giving attackers a point of entry that goes completely overlooked. If an attacker’s goal is to gain a foothold or exfiltrate valuable data, a non-malware attack accomplishes it without fear of detection.
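Because there is no malicious file for a scanner to hash, the practical defence against the pattern described above (a user-facing application handing control to PowerShell or WMI) is behavioural: watch process-creation telemetry for which parent spawned which native tool, and with what arguments. The following is an added example written for this page, not code from the original article. It assumes a simplified process-creation record with `parent`, `image` and `cmdline` fields (an assumption, not any product's real schema) and runs over a few constructed sample events.

```python
"""Behavioural detection of living-off-the-land activity from process-creation events.

Added example for this page, not from the original article. The ProcEvent shape and
the sample records below are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Applications a typical end user runs day to day. A shell or WMI child spawned by
# one of these is the classic fileless pivot the article describes.
USER_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
             "chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}

# Native tooling that grants execution freedom once an attacker reaches it.
NATIVE_TOOLS = {"powershell.exe", "pwsh.exe", "wmic.exe", "cscript.exe",
                "wscript.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}

# Command-line traits that hide what is run or pull it straight into memory.
SUSPICIOUS_ARGS = [
    (re.compile(r"-e(c|nc|ncodedcommand)?\b", re.I), "encoded command"),
    (re.compile(r"-nop\b|-noprofile\b", re.I), "profile bypass"),
    (re.compile(r"-w(indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"downloadstring|invoke-expression|\biex\b", re.I), "in-memory download/exec"),
]


@dataclass
class ProcEvent:
    parent: str   # full path of the parent process image
    image: str    # full path of the newly created process image
    cmdline: str  # command line of the new process


def basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def score_event(ev: ProcEvent) -> list[str]:
    """Return the list of reasons an event looks like fileless activity (empty if none)."""
    reasons = []
    parent, image = basename(ev.parent), basename(ev.image)
    if parent in USER_APPS and image in NATIVE_TOOLS:
        reasons.append(f"user application {parent} spawned native tool {image}")
    if parent == "wmiprvse.exe" and image in NATIVE_TOOLS | {"cmd.exe"}:
        reasons.append(f"WMI provider host spawned {image}")
    if image in NATIVE_TOOLS:
        for pattern, label in SUSPICIOUS_ARGS:
            if pattern.search(ev.cmdline):
                reasons.append(label)
    return reasons


def detect(events: list[ProcEvent]) -> list[tuple[ProcEvent, list[str]]]:
    """Run score_event over a batch and keep only the events that triggered."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            hits.append((ev, reasons))
    return hits


# Constructed sample telemetry: two suspicious events, two benign ones.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -nop -w hidden -enc BASE64_PLACEHOLDER"),
    ProcEvent(r"C:\Windows\System32\wbem\WmiPrvSE.exe",
              r"C:\Windows\System32\cmd.exe",
              "cmd.exe /c hostname"),
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -File C:\Scripts\backup.ps1"),  # routine admin use
    ProcEvent(r"C:\Windows\System32\svchost.exe",
              r"C:\Windows\System32\notepad.exe",
              "notepad.exe readme.txt"),
]

if __name__ == "__main__":
    for ev, reasons in detect(SAMPLE_EVENTS):
        print(f"{basename(ev.parent)} -> {basename(ev.image)}: {', '.join(reasons)}")
```

The point of the parent/child check is that it keys on behaviour rather than on a file: an Office document that launches PowerShell with a hidden window and an encoded command is flagged even though every binary involved is legitimate and signed, while the administrator's scheduled script from `explorer.exe` with a plain `-File` argument passes. In production this logic would sit on Sysmon event ID 1 or the equivalent EDR process-creation stream, and the allow-list of parents would be tuned to the environment.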