As security measures get better at detecting and blocking both malware and cyberattacks, adversaries and cybercriminals are forced to constantly develop new techniques to evade detection. One of these advanced techniques involves “fileless” attacks, where no executable file is written to disk. These attacks are particularly effective at evading traditional antivirus (AV) solutions, which look for files saved to disk so they can scan them and determine if they are malicious. While fileless attacks are not new, they are becoming more prevalent. In their recent investigations, the CrowdStrike® Services incident response teams found that eight out of 10 attack vectors which resulted in a successful breach used fileless attack techniques. There are multiple techniques that can be used to compromise a system in this fashion.
This infographic walks you through a fileless attack end-to-end, showing you the goal, tool and technique used in each step of the adversary’s attempt to breach your security.
The CrowdStrike Falcon® platform employs powerful endpoint protection methods that detect and prevent fileless attacks that evade legacy solutions. Features such as CrowdStrike’s indicators of attack (IOAs) identify and block malicious activity during the early stages of an attack like the one described in this infographic – before it can fully execute and inflict damage.
To learn more about how the CrowdStrike Falcon platform defends against fileless and other sophisticated attacks, read the white paper: Who Needs Malware? How Adversaries Use Fileless Attacks to Evade Your Security