Fileless Malware
Fileless malware is malicious code that runs on a computer through legitimate programs rather than through a traditional executable dropped on disk. Instead of bringing its own binary, it uses tools already built into the operating system to carry out the attack, a technique called living off the land (LOL).
Because fileless malware writes little or nothing to the device's hard drive, it leaves behind few artifacts and largely evades file-centric defenses such as timestamp analysis, file-based blocklisting, and signature detection.
The History of Fileless Malware
Although fileless malware has existed for a long time, it became a mainstream attack technique around 2017. Its roots go back to terminate-and-stay-resident viruses that stayed in a device's memory and waited for a system interrupt to hand them control. Examples of this type of virus include Number of the Beast, The Dark Avenger, and Frodo.
These techniques evolved into fully fileless, memory-resident network worms such as Slammer and Code Red. More sophisticated forms of fileless malware include Stuxnet and Duqu.
How Does Fileless Malware Work?
Fileless malware abuses legitimate processes and administrative tools such as PowerShell, Windows Management Instrumentation (WMI), and cmd.exe to perform tasks such as privilege escalation, lateral movement, payload delivery, and reconnaissance.
Beyond running inside trusted applications, fileless malware typically gains its initial foothold through lateral infiltration from an already compromised host, phishing emails, and legitimate-looking websites.
Whereas traditional malware is written to disk before it executes, fileless malware is loaded and executed directly in RAM (random access memory), so there is no file on disk for a scanner to inspect.
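Because there is no file to scan, detection has to come from process telemetry instead. The following is an added example (not Blumira's code) of that logic: it scans constructed process-creation events for a shell spawned by the WMI provider host and for PowerShell carrying its script inline as an encoded command, two of the living-off-the-land patterns this section describes. The event field names and the WmiPrvSE.exe parent check are assumptions about how the telemetry is laid out.

```python
import base64
import re

# Names this section calls out: PowerShell, WMI and CMD used as living-off-the-land
# tools. WmiPrvSE.exe is the WMI provider host; a shell it spawns is a strong signal.
WMI_HOST = "wmiprvse.exe"
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# -e / -ec / -enc / -encodedcommand: the script is passed inline, never written to disk.
ENC_FLAG = re.compile(r"(?i)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)")

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def decode_encoded_command(blob):
    """-EncodedCommand carries base64 of UTF-16LE text; return None if it is not that."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def analyze(event):
    """Return the findings for one process-creation event (empty list if nothing fired)."""
    image, parent = basename(event["image"]), basename(event["parent"])
    findings = []
    if image in SHELLS and parent == WMI_HOST:
        findings.append(f"{image} spawned by WMI provider host")
    match = ENC_FLAG.search(event["cmdline"]) if image in SHELLS - {"cmd.exe"} else None
    if match:
        decoded = decode_encoded_command(match.group(1))
        findings.append(f"encoded command: {decoded}" if decoded else "malformed encoded command")
    return findings

def scan(events):
    """Map event index -> findings, keeping only events that raised something."""
    results = {i: analyze(e) for i, e in enumerate(events)}
    return {i: hits for i, hits in results.items() if hits}

# Constructed sample events in the shape of Windows event 4688 fields; not real logs.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
    {"parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc "
                + base64.b64encode("Get-Date".encode("utf-16-le")).decode()},
    {"parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c whoami"},
]
```

Feeding real 4688 or Sysmon process-creation events through `scan` gives the index of each suspicious event alongside the decoded inline script, which is the artifact a file scanner never sees.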