Fileless malware does NOT rely on traditional executable files to do its dirty work. Without an executable, there is no signature for antivirus software to detect. Therefore, fileless malware is especially dangerous because it evades your traditional antivirus protection to gain a foothold within your dealership.
Fileless malware uses a tactic called Living off the Land (LotL). This is not a new cybercrime tactic, but it is one that is growing in popularity. Basically, attackers who use LotL tactics take advantage of trusted off-the-shelf and preinstalled system tools to carry out their criminal exploits. By leveraging fileless malware, criminals can hide their activity within a sea of legitimate processes.
For example, there are more than 100 Windows system tools that run on a PC for legitimate purposes. Fileless malware can hide within these legitimate processes running on the operating system to perform reconnaissance, escalate privileges, gain remote access to devices, steal data, and disrupt business operations.
The cybercriminal is a professional criminal – not a kid just hacking for fun. These people have the best technology, and they are big believers in continuous improvement. When the good guys put up an effective defense – the cybercriminal figures out how to get around the defense. Cybersecurity is a never-ending battle. You simply cannot implement antivirus, firewalls, etc. and think that all is good and that you are secure. Don’t fall into a false sense of security.
To defend against fileless malware, the first thing you need to do is make sure that all your computers are patched and up to date. Unpatched and out-of-date technology is one of the first things a cybercriminal will look to exploit.
Second, implement an ongoing cybersecurity awareness training program. This should be something that operates continuously to make sure that your employees know how to detect a phishing attack and what to do when they see one. 91% of successful attacks start with an employee clicking on a malicious link in an email.
Third, you need experts monitoring your systems 24/7/365 to hunt for system anomalies that can provide indications of a potential attack in the making. These are people who know what to look for and how to stop an attack BEFORE it can wreak havoc on your dealership.
Lastly, make sure that you understand, and tightly control, access rights and privileges on your network. Often, the cybercriminal will infect one PC and then move throughout the network looking for a richer, more powerful target. Many fileless exploits count on the loose distribution of rights that aren’t needed or that are attached to users who are no longer employed.
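One way to run the access review described above, as an added example that is not part of the original article: the script compares an account export against the HR roster and a list of approved administrators. The export format, the usernames, the `svc_` service-account naming convention, and the 90-day threshold are all assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data: a directory account export (format assumed).
ACCOUNT_EXPORT = """username,enabled,groups,last_logon
jsmith,true,Sales,2024-05-28
mlopez,true,Sales;Domain Admins,2024-05-30
tnguyen,true,Service,2023-11-02
rpatel,true,Finance;Domain Admins,2024-05-29
bkim,false,Parts,2023-06-15
svc_backup,true,Domain Admins,2024-05-31
"""
CURRENT_EMPLOYEES = {"jsmith", "mlopez", "rpatel"}  # HR roster (constructed)
APPROVED_ADMINS = {"rpatel", "svc_backup"}          # documented need (constructed)
PRIVILEGED_GROUPS = {"Domain Admins", "Administrators"}


def audit_accounts(export_text, employees, approved_admins, today, stale_days=90):
    """Return {username: [reasons]} for enabled accounts that need review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # disabled accounts cannot be used to log on
        user = row["username"].strip()
        groups = {g.strip() for g in row["groups"].split(";") if g.strip()}
        reasons = []
        is_service = user.startswith("svc_")  # naming convention is an assumption
        # Rights attached to a user who is no longer employed.
        if not is_service and user not in employees:
            reasons.append("owner no longer employed")
        # Rights that are not needed: privileged group without an approval.
        if groups & PRIVILEGED_GROUPS and user not in approved_admins:
            reasons.append("privileged group without documented need")
        # Dormant but still enabled accounts.
        idle = (today - date.fromisoformat(row["last_logon"])).days
        if idle > stale_days:
            reasons.append(f"no logon for {idle} days")
        if reasons:
            findings[user] = reasons
    return findings


if __name__ == "__main__":
    report = audit_accounts(ACCOUNT_EXPORT, CURRENT_EMPLOYEES,
                            APPROVED_ADMINS, date(2024, 6, 1))
    for user, reasons in report.items():
        print(f"{user}: {'; '.join(reasons)}")
```

Each flagged account should be disabled or have its group memberships reduced, and the review repeated on a schedule so that departures and role changes are caught promptly.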
Keeping your dealership’s data, finances, and reputation secure is a never-ending battle that requires the proper expertise and technology. If you need help, you know who to call.