Cisco: Introducing Exploit Prevention to Stop File-Less Attacks
In war, any good military strategist will try to exploit their enemy’s weaknesses. Cybercriminals are no different. They try to gain access to your endpoints and your sensitive data by exploiting weaknesses in your system, like a vulnerability in your software or in your operating system processes. Attackers are realizing that traditional file-based attacks that rely on malicious files (malware) are becoming less effective as cybersecurity technology becomes increasingly adept at detecting and blocking malicious files. As a result, attackers are turning to more “file-less” attack methods, attacks in which no actual malware file is written to disk. These are also commonly referred to as “non-malware” attacks, or even “memory-based” attacks. The recent Equifax and DNC hacks are both high-profile examples of file-less attacks.
But what exactly are file-less attacks? In short, they are ways for an attacker to get a foothold in your system by exploiting vulnerabilities in the native applications you use every day. They don’t entice you to download a malicious file which then executes and exfiltrates data. Instead, they exploit a vulnerability in your application and, in effect, tell it what to do. It’s like planting a seed (injecting malicious code into memory) in an otherwise trusted application; that application then runs the malicious commands and can open doors to other applications or processes to achieve its objective (steal sensitive data, hold a system ransom, etc.).
Here’s a common example of how these work:
Read the entire article here: Introducing Exploit Prevention to Stop File-Less Attacks
Via the fine folks at Cisco Systems.