Fileless Fever: An in-depth Breakdown of Attacks from Poweliks to PowerGhost
Kaarthik RM, K7 Computing
Fileless malware employs techniques to maintain its state of infection without dropping any of its core malicious components on disk, because the fewer files created on disk, the greater the chances of evading file-based Anti-Virus detection. It might even seem that Anti-Virus scanners are chasing an almost invisible mouse, or perhaps mice, since Fileless malware has been on the rise for some time.
The challenges in detecting Fileless malware are several. Since malicious components never hit the disk, contextual memory and registry scans become necessary, and these can degrade system performance. The abuse of legitimate binary components can also lead to false positives that disrupt the system. This paper provides in-depth technical details on the Fileless attack tactics, techniques, and procedures (TTPs) employed by cybercriminals to achieve memory-only infections and fileless persistence, using OS and offensive tools as well as non-PE infection vectors. Methods to counter the TTPs of Fileless attacks are also discussed.
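As an added illustration that is not part of this abstract or the paper, the following Python snippet applies the registry-side check the abstract calls for: it inspects autorun command lines for launcher-plus-inline-code combinations of the kind used by Poweliks (rundll32 invoked with a javascript: URL) and PowerGhost (encoded PowerShell), based on the publicly documented behaviour of those families rather than on details from this page. The sample entries, rule set and thresholds are this editor's assumptions.

```python
import re

# Constructed sample autorun entries (registry value name -> command line),
# modelled on publicly documented fileless persistence styles. Script bodies
# are elided as "..." because the rules key on the launcher, not the payload.
SAMPLE_AUTORUNS = {
    "OneDrive": r'"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "a": r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write("...")',
    "upd": "powershell.exe -w hidden -nop -enc " + "U" * 64,  # stand-in encoded blob
    "x": r'mshta vbscript:Execute("...")',
}

# Each rule is (label, compiled regex). Rules target the combination of a
# legitimate script host with inline or encoded code, so they generalise
# beyond any single family. Thresholds (40/120 chars) are assumptions.
RULES = [
    ("rundll32 launched with inline javascript: (Poweliks-style)",
     re.compile(r"\brundll32(\.exe)?\b.*\bjavascript:", re.I)),
    ("mshta launched with inline script protocol",
     re.compile(r"\bmshta(\.exe)?\b.*\b(javascript|vbscript):", re.I)),
    ("powershell with encoded command (PowerGhost-style)",
     re.compile(r"\bpowershell(\.exe)?\b.*\s-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{40,}", re.I)),
    ("long base64-looking blob stored in autorun value",
     re.compile(r"[A-Za-z0-9+/]{120,}={0,2}")),
]


def scan_autoruns(entries):
    """Return [(value_name, rule_label), ...] for every entry that matches a rule.

    `entries` maps an autorun value name to its command line; on a live host
    this would be read from the Run/RunOnce keys, here it is the constructed sample.
    """
    findings = []
    for name, cmd in entries.items():
        for label, rx in RULES:
            if rx.search(cmd):
                findings.append((name, label))
    return findings


if __name__ == "__main__":
    for name, label in scan_autoruns(SAMPLE_AUTORUNS):
        print(f"{name}: {label}")
```

Registry values that match should be correlated with memory scans of the launched script host, since the decoded payload never exists as a file.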
Kaarthik R Muthukrishnan
Kaarthik is a Senior Threat Researcher at K7 Computing’s Threat Control Lab. He graduated from SSN College of Engineering (Chennai, INDIA) in 2007 with a Master’s degree in Computer Applications. He began his career as a Threat Research Analyst at Technosoft Corporation in 2008. Kaarthik joined K7 Computing’s Threat Control Lab in December 2010. Kaarthik has authored a paper for VB2017, co-authored a paper for AVAR 2013 and blogs on the K7 Computing blog site. Apart from security, Kaarthik is passionate about photography.