The rise of the fileless threat
Fileless threats are not a new occurrence, but there has definitely been a rise in attack reports leveraging them.
According to Kaspersky Lab researchers, fileless malware is being used in attacks by both targeted threat actors and cybercriminals in general.
“We have seen such techniques being widely adopted in the last few months. We find examples in the lateral movement tools used in Shamoon attacks, in attacks against Eastern European banks, and used by different APT actors such as CloudComputating, Lungen or HiddenGecko, as well as in the evolution of old backdoors like Hikit, which evolved to new fileless versions,” they noted.
“This trend makes traditional forensic analysis harder, traditional IOCs such as file hashes obsolete, application whitelisting more difficult, and antivirus evasion easier. It also helps to evade most of the log activity.”
SentinelOne also pointed out that the Angler EK now has a fileless option, and Kovter, Phasebot, Powersniff and LatentBot are just some of the recent examples of threats employing in-memory tactics.
And while executable files are still a highly encountered type of threat, fileless threats should not be discounted, especially as they have an easier time evading security models that depend on traditional, static file inspection.