
WHAT IS FILELESS MALWARE AND HOW IT WORKS?

It is common to associate malware with a file that we download and run unnoticed. Although this concept is not entirely wrong, the reality is that we can also find malware that does not require any file on the system to perform its malicious activity. This type of threat is known as fileless malware, a concept that is not new and has been in use since the early 2000s.

Fileless malware
Fileless malware attacks make use of the operating system's own tools and processes through a technique known as "Living off the Land", which allows them to carry out their malicious activity using pre-installed components, without dropping additional executables on the victim's system. In other words, the attacker turns the functionality of the operating system against its own user. This makes the activity difficult to detect, because the malicious code runs inside legitimate processes.

What Is The “Living Off The Land” Technique?

This is a technique used by more skilled attackers to make their activity harder to detect on the victim's computer or network, since, among other things, it lets them evade many security controls.

It consists of loading and executing malicious code entirely in the computer's memory, without touching the file system. Consequently, it leaves few or no forensic artifacts that can be analyzed later.

It is important to clarify that this is a post-exploitation technique. In other words, the victim must first have let the malicious code into the system in some way, for example by opening a Microsoft Office file with a malicious macro embedded, or a PDF document containing malicious JavaScript code. These are very common infection vectors, but there are many others.

There is also the possibility that the threat is 100% fileless: if the attacker exploits a serious vulnerability in the system, the malware can be loaded into memory purely through network packets. This has been seen, for example, with the SMB/Exploit.DoublePulsar backdoor, which exploits a vulnerability in the SMB 1.0 protocol, a threat that is still active in LATAM today.

Difficulty Establishing Persistence

Now, attackers have a downside. RAM is volatile, and its contents are lost, for example, when the computer is restarted. In most cases this forces cybercriminals to establish some persistence mechanism for their malware. Although some mechanisms are more sophisticated than others, in every case we can find some trace of this activity that will allow us to determine its presence on the computer.

In addition to the aforementioned case of DoublePulsar, we have recently seen this technique in the "Operation Ghost" malware campaign run by the group "The Dukes", also known as APT29. The backdoors used by the group were fileless.

How to Detect a Fileless Malware Infection?

The answer depends on the type of malware and on the logging and auditing policy that was in place beforehand. In general, if the malware has tried to persist on the computer, it has most likely created identifiable registry entries, scheduled tasks, or WMI subscriptions. However, if the malware did not establish persistence, it may not be possible to detect it unless the relevant logging was already enabled before the incident.

For more advanced malware such as DoublePulsar, detection can be difficult even with logging enabled, since the affected memory belongs to the Windows kernel and user-mode applications will not be able to see this activity. For this reason, analyzing network traffic and preventing infection by following the steps mentioned below is essential.
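The persistence artifacts named above (Run/RunOnce registry keys, scheduled tasks and WMI event subscriptions) can be enumerated from an elevated PowerShell session. The script below is an added example for this article, not code from the original post or from any vendor; the list of script hosts it flags for review is a constructed, non-exhaustive selection, and the script is read-only.

```powershell
# Added example: enumerate the persistence locations the article names.
# Read-only. Run from an elevated PowerShell session.
# Constructed, non-exhaustive list of interpreters/hosts that warrant review
# when they appear in an autostart entry (legitimate software uses them too).
$hosts   = 'powershell','pwsh','cmd','wscript','cscript','mshta','rundll32','regsvr32','certutil','bitsadmin'
$pattern = ($hosts | ForEach-Object { [regex]::Escape($_) }) -join '|'
$findings = New-Object System.Collections.Generic.List[object]

# 1. Registry autostart keys (machine-wide and current user)
$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
  if (-not (Test-Path $key)) { continue }
  (Get-ItemProperty -Path $key).PSObject.Properties |
    Where-Object { $_.Name -notmatch '^PS' } |   # drop provider metadata (PSPath etc.)
    ForEach-Object {
      $findings.Add([pscustomobject]@{
        Source  = 'Registry'
        Name    = "$key\$($_.Name)"
        Command = [string]$_.Value
        Flag    = if ([string]$_.Value -match $pattern) { 'REVIEW' } else { '' }
      })
    }
}

# 2. Scheduled tasks whose action launches a script host
Get-ScheduledTask | ForEach-Object {
  $task = $_
  foreach ($action in $task.Actions) {
    $cmd = "$($action.Execute) $($action.Arguments)".Trim()
    if ($cmd -match $pattern) {
      $findings.Add([pscustomobject]@{
        Source  = 'ScheduledTask'
        Name    = "$($task.TaskPath)$($task.TaskName)"
        Command = $cmd
        Flag    = 'REVIEW'
      })
    }
  }
}

# 3. Permanent WMI event subscriptions. Windows ships one default pair
#    ("SCM Event Log Filter"/"SCM Event Log Consumer"); anything else
#    deserves a close look, so every entry is listed.
$ns = 'root\subscription'
Get-CimInstance -Namespace $ns -ClassName __EventFilter | ForEach-Object {
  $findings.Add([pscustomobject]@{ Source='WMI Filter';   Name=$_.Name; Command=$_.Query; Flag='REVIEW' })
}
Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer | ForEach-Object {
  $findings.Add([pscustomobject]@{ Source='WMI Consumer'; Name=$_.Name; Command=$_.CommandLineTemplate; Flag='REVIEW' })
}
Get-CimInstance -Namespace $ns -ClassName ActiveScriptEventConsumer | ForEach-Object {
  $findings.Add([pscustomobject]@{ Source='WMI Script Consumer'; Name=$_.Name; Command=$_.ScriptText; Flag='REVIEW' })
}
Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding | ForEach-Object {
  $findings.Add([pscustomobject]@{ Source='WMI Binding'; Name=[string]$_.Filter; Command=[string]$_.Consumer; Flag='REVIEW' })
}

$findings | Sort-Object Flag -Descending | Format-Table -AutoSize -Wrap
```

Entries marked REVIEW are not verdicts: installers and administrative scripts legitimately use these hosts. Compare each flagged command against a known-good baseline taken from a clean machine of the same build, and treat a WMI filter/consumer pair that is not the default SCM one as a priority.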

How to Avoid Fileless Malware Infection?

Do not open email attachments if the sender is not trusted.

Disable automatic macro execution in Office, as it is a common propagation mechanism. Macros can be disabled globally via Group Policy.

Use comprehensive security solutions that analyze network traffic.

Use security solutions that analyze suspicious behavior in memory. These solutions are capable of identifying memory-resident malware.

Keep the operating system and applications up to date with their security updates.
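Several of these recommendations can be audited and enforced on a single Windows machine from PowerShell. The script below is an added example for this article, not code from the original post or from Microsoft; it assumes Office 2016/2019/365 (registry version key "16.0") and covers only Word, Excel and PowerPoint, and it enables PowerShell script block logging so that code run purely in memory still leaves a record, which is the kind of pre-incident logging the detection section depends on.

```powershell
# Added example: report on (and optionally enforce) the preventive settings
# the article recommends. Run from an elevated PowerShell session.
# Assumptions: Office 2016/2019/365 ("16.0" policy key) and the app list below.
$apply = $false   # $false = report only; $true = apply the settings

# 1. Office macros. VBAWarnings: 1 = enable all, 2 = disable with notification,
#    3 = disable except digitally signed, 4 = disable all without notification.
#    These HKCU\Software\Policies values are what the Office Group Policy
#    templates write; deploy them via GPO to cover every user.
foreach ($app in 'Word','Excel','PowerPoint') {
  $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
  $current = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
  $shown = if ($null -eq $current) { 'not set' } else { $current }
  "$app VBAWarnings = $shown"
  if ($apply -and $current -ne 4) {
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name VBAWarnings -Value 4 -Type DWord
    # Also block macros in documents that carry the Mark-of-the-Web (downloaded/emailed).
    Set-ItemProperty -Path $key -Name BlockContentExecutionFromInternet -Value 1 -Type DWord
  }
}

# 2. SMBv1, the protocol DoublePulsar abused: report and disable the server side.
$smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
"SMB1 server protocol enabled: $smb1"
if ($apply -and $smb1) {
  Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# 3. PowerShell script block logging: in-memory scripts are recorded as
#    event ID 4104 in Microsoft-Windows-PowerShell/Operational.
$sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$enabled = (Get-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue).EnableScriptBlockLogging
"Script block logging enabled: $($enabled -eq 1)"
if ($apply -and $enabled -ne 1) {
  New-Item -Path $sbl -Force | Out-Null
  Set-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -Value 1 -Type DWord
}

# 4. Pending updates (report only) via the Windows Update Agent COM API.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and Type='Software'").Updates
"Pending software updates: $($pending.Count)"
```

Run it first with `$apply = $false` to see the current state; the macro and SMBv1 changes can break legacy documents and old file servers, so confirm the dependencies before enforcing them across a fleet.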
