Fileless and Zero-Day Attacks

Many computer users think that if they have a good Anti-Virus program running on their computer, that their computers will be safe from hacks and threats. IT security professionals have long known that is not the case, but now two newer types of attacks are proving it more often than ever. They are called Fileless and Zero-Day attacks. They happen FAST and the damage can be huge. Here’s what they are and how they work.

What are Fileless Attacks

Most users think that computer attacks happen when you open a virus-infected file of some sort. Your antivirus software is designed to catch such attacks, and many of them do a very good job of that. But these days, attacks can be embedded within a web page that you visit with your browser. In other words, no actual file download is required, which is where the term “Fileless” comes from.

Some antivirus programs scan web pages as you open them, but they generally work based on a set of rules or “signatures” that have been previously detected by the antivirus developers. Once the developers receive reports of a new virus (whether in a file or fileless), they analyze it, determine what’s different about it that caused it not to be detected by their existing virus definitions, and then they add this “signature” to the list of definitions. But that takes time...time you might not have to spare in order to protect yourself from a new attack.

The time between when a virus is released and the time it gets fixed can be days, weeks or months.

Many fileless attacks take advantage of newly discovered flaws in computer programs. For example, Microsoft Office has an entire macro language built into it. This language (and the code that runs it) is often updated, and if someone discovers a newly-added flaw in any of it, they can write some code that can exploit that flaw and attack your computer. And it’s not just new software that can be the source of a Zero-Day attack. Flaws are found all the time in older software, too.

That means that data can be corrupted, files can be deleted, and files can even held for ransom.

Similar Zero-Day attacks can happen within web browsers and other web applications that can reveal passwords, personal information, browsing history, access to cookies, and more. None of this is good for you or your company.

What Are Zero-Day Attacks

A Zero-Day attack is one that is discovered and immediately exploited. Generally speaking, it’s the job of the software author to patch and fix their own software. If Microsoft is told of a bug in their software, they’re going to go through a lengthy process in order to fix it. First, they need to figure out if the problem really exists. Then they need to figure out under what circumstances the flaw happens. If they’re successful in doing that, they need to figure out where in the software the flaw was created, and then write new code to fix their software.

But they’re not done yet. Now they need to test this new software to make sure that it actually fixed the problem...and also that the new fix didn’t cause any new problems. This process can take weeks or months, depending on the complexity of the software and the severity of the flaw.

So a Zero-Day attack is one that exploits a flaw in software before the software publisher has had a chance to fix it.

Are These Attacks Really A Problem?

In a word, YES. The Ponemon Institute, which conducts independent research on privacy, data protection and information security policy, says that Fileless and Zero-Day attacks have increased by nearly 20% over the last year and that about two-thirds of all Enterprise level organizations have been hit by these attacks. The average cost of these attacks is about $440 per end-point (computer) for Enterprises.

But what’s more significant to you is that the cost for Small to Medium sized Businesses (SMB’s) is almost double that, about $763 per-incident. And it’s only going to get worse.

How To Guard Against Fileless and Zero-Day Attacks

So if antivirus software, and other file-based detection techniques can’t guard against these attacks, what can you do about them?

Computer Weekly says that “The report reveals that nearly half of all malware detected eluded basic antivirus (AV) systems, requiring a combination of legacy signature-based detection techniques and proactive behavioural detection to catch malware variants missed by signature-based detection.”

In other words, companies like yours need to increase the attention and investment you make in defending against malware like Fileless and Zero-Day attacks. And that means you’ll need to start using tools that aren’t looking for “signatures” in the malware, but that instead look at their behavior on your computer system and network. Software that scans a database or registry for usernames and passwords, or that connects and sends data to overseas servers, or that seeks to encrypt your files are all probably signs that the software should be stopped.

There are hundreds, if not thousands of different actions that malware can attempt, and behavior based security software watches for them.

Protect Yourself And Your Company

What’s your best solution to defend Fileless and Zero-Day attacks like these? First, always be careful when using new resources, websites and software. Second, call Digital Uppercut. We are cyber security experts and can configure your computers and network to minimize the likelihood of any kind of attack. And in the event an attack is ever successful against your company, our disaster recovery solutions can help you get back to work in your business in no time. Call Digital Uppercut at 818-913-1335 for a security or IT evaluation, or contact us today here.