Fileless Malware: Turning your computer against you

Many people are aware of the risks that viruses and outside actors pose to their computers. What is not as widely known is that hackers do not need these fancy tools. By taking advantage of your computer's own software and hardware, hackers can weaponize your computer even if you take all the external precautions.

Fileless malware is a specific type of malware that does not rely on hackers' tools or compromising emails. Rather, it uses what is already on your computer's hard drive or in its software to bypass your security measures and implant its own malware and viruses. The way in is simple: attackers find a vulnerability in the operating system, exploit it, then worm their way in to do massive damage. While Microsoft and Apple regularly update their newest systems once they find the exploit, it is legacy systems that these hackers target.

Legacy systems are, as the name says, a legacy of an internet and a security landscape long past their intended service date. Among the key factors that define them:

  • Legacy systems no longer receive support and maintenance, although they can’t be replaced due to being essential for many organizations.
  • They are based on outdated technology and thus, are incompatible with current, more advanced solutions.
  • Such systems are unavailable for purchase - and rightly so.(1)

Unfortunately, many companies still rely on these outdated programs and operating systems because they built their entire infrastructure around them, and the cost of replacing them is more than most are willing to commit to. This leaves them open to malicious actors.

According to the CrowdStrike website, these hackers have many tools at their disposal to take advantage of such systems. These include:

  • Exploit kits: Exploits are ways of using vulnerabilities in an operating system. The kits inject code directly into memory without having to write anything to disk. This normally comes as the result of social engineering. They can also generate code on the fly to customize each attack.
  • Registry Resident Malware: This malware installs itself into the Windows registry to avoid detection. Normally a scan would pick up something like this, but a dropper program places the malicious code in the registry rather than as a regular file on disk.
  • Memory-only Malware: Memory-only malware resides only in memory. An example is the Duqu worm, which can remain undetected because it resides exclusively in memory. Duqu 2.0 comes in two versions; the first is a backdoor that allows the adversary to gain a foothold in an organization. The adversary can then use the advanced version of Duqu 2.0, which offers additional features such as reconnaissance, lateral movement and data exfiltration. Duqu 2.0 has been used to successfully breach companies in the telecom industry and at least one well-known security software provider.
  • Stolen Credentials: A common issue in many malware attacks is the theft of someone's credentials, most likely someone with access to data and money. With these credentials, attackers can figuratively walk in the front door and plant malware and other code at their leisure. The victims are left unaware while the system lets the recognized entry in, and the attackers steal their data and leave through the back door.(2)
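As an added illustration of the registry-resident and memory-only techniques above from the defender's side (example code written for this page, not part of the original article or CrowdStrike's material): a small triage heuristic that sorts Windows autorun registry values into entries backed by an executable on disk, entries launching a script host with a script file, and entries whose code lives entirely in the command line or in another registry value, which is the signature of fileless persistence. The sample registry values, the interpreter list and the inline-code markers are constructed assumptions, not data from the page.

```python
import re

# Script hosts that fileless persistence commonly launches instead of a
# dropped executable. Assumption: a starting list, not an exhaustive one.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "cmd.exe"}

# Argument patterns that carry code inline, or pull it from the registry,
# rather than pointing at a script file on disk (assumed markers).
INLINE_CODE = re.compile(
    r"(?:^|\s)-(?:e|ec|enc|encodedcommand|c|command)\s|javascript:|vbscript:|"
    r"Get-ItemProperty|HKCU:|HKLM:|\breg(?:\.exe)?\s+query\b",
    re.IGNORECASE)


def image_name(command):
    """Return the lowercase basename of the program a command line launches."""
    command = command.strip()
    if command.startswith('"'):           # quoted path, may contain spaces
        first = command[1:command.index('"', 1)]
    else:
        first = command.split(None, 1)[0]
    return first.rsplit("\\", 1)[-1].lower()


def classify_autorun(command):
    """Label one autorun command line: file-backed, script-host or fileless."""
    exe = image_name(command)
    if exe in SCRIPT_HOSTS and INLINE_CODE.search(command):
        return "fileless"      # interpreter fed inline or registry-sourced code
    if exe in SCRIPT_HOSTS:
        return "script-host"   # interpreter running a script file: review it
    return "file-backed"       # ordinary executable: hash and verify the file


def triage(autoruns):
    """Return {registry_value: label} for a dict of autorun entries."""
    return {name: classify_autorun(cmd) for name, cmd in autoruns.items()}


# Constructed sample Run-key values (not real malware); the encoded blob is junk.
RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_AUTORUNS = {
    RUN + r"\OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    RUN + r"\Updater": r"powershell.exe -nop -w hidden -enc QQBCAEMA",
    RUN + r"\Helper": r'wscript.exe "C:\Users\alice\AppData\Roaming\helper.vbs"',
    RUN + r"\Loader": r'powershell.exe -c "(Get-ItemProperty HKCU:\Software\Foo).Payload"',
}

if __name__ == "__main__":
    for name, label in triage(SAMPLE_AUTORUNS).items():
        print(f"{label:12} {name}")
```

The "fileless" label is the one that matters for the techniques described above: there is no file to scan, so the registry value and the process it spawns are the only artefacts a defender can inspect.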

Hackers have hundreds of potential avenues into your system, and some do not need outside tools at all. With legacy systems, hackers can simply exploit known vulnerabilities to get into your computer without your knowledge. Even without legacy systems, keeping software regularly updated cuts off avenues of attack. Vigilance and training continue to be the biggest ways of preventing cyber-attacks.