Fileless Malware

Captions
Hi there, welcome to another video on my channel. Today I'm going to talk about fileless malware. Thank you for tuning in. As the name suggests, fileless malware infects computers while leaving behind no trace on the local hard drive. This allows such an infection to go unnoticed, as most antivirus and forensic tools identify attacks using signature-based or pattern-based validation. Using a mind map I will cover the basics of fileless malware: what it is, how it propagates, what defense options we have currently, and we will look at some examples of fileless malware.

So what is fileless malware? It is malware which has evolved; it is a new strain, a new technique of attack. It is also termed non-malware. It basically commits its malicious activities from the memory itself, so it lives in memory and piggybacks on other trusted programs to identify and exploit vulnerabilities that may be unknown or not yet patched on a machine. It leaves no trace on the hard disk, or in some cases the code exists but is shrouded underneath a trusted program; we will discuss more on this later. Fileless malware can evade the traditional antivirus and anti-malware programs because the signature-based technique that is popularly used for most protection layers requires the payload of the malicious code to exist in a file. It is categorized under the advanced volatile threat (AVT) group. This group includes threats that are initiated from the volatile memory, also known as the RAM, and then remove traces of their existence when they are done.

So let's look at the "how" part of it: how does the attack happen? As with most threats, the entry point is most often the browser or an email that has a clickbait to lure the user to perform an action. Once the action is performed and the malicious code is loaded in memory, based on its design it will try different alternatives to exploit the machine. So it could piggyback on a legitimate program such as PowerShell or Windows Management Instrumentation, or be disguised as a macro in a Word or Excel file, and then try to gain the access available to the hooked or requested program and misuse it. A fileless malware could also drop an entry in the registry to allow it to get spawned across system restarts, or a fileless malware could simply remain active as long as the machine is on and try to exploit the vulnerabilities it was designed for. It is simply running in memory, identifying whatever is open for attack; it's a program lurking in the background, just waiting for the right opportunity to come by.

Okay, let's look at the protection. What kind of protection do we have? As I mention wherever I get a chance: get rid of that admin access on your login. Office users should not have admin access granted on their login. For home machines, remove admin from your login and create a separate local admin account. You can use this local admin account when there is a genuine need to install software or alter settings. The default login that you will use will perform the application activity, such as email, browser or running local programs, and these do not require admin access. If you are able to, eliminate admin access. It is the root cause of 90% of the problems out there; this is the most common problem on Windows machines. Get rid of that admin access, period.

The next important point on my list: educate yourself and your users. Send them short and frequent security-related communications, call them in for a discussion, or have periodic trainings, all in the name of protection of information assets. This also avoids financial losses for the company, and it also prevents reputation loss. It is a very important aspect: connect with the users, teach them, educate them. Educate users to not open and forward attachments or links that are not from trusted parties. Such careless actions can result in chain reactions and losses. One more point which is optional but worth considering: shut down your machine when the work is done. Don't be lazy and just sleep or keep the machine running for days; a machine with a longer uptime is a good breeding ground for AVT threats to grow.

Next, invest in a rock-solid web filtering solution and create appropriate access policies. Do not aim at locking down users; instead focus on eliminating the risk categories and unused protocols. There is a lot of wonderful software out there, for example Blue Coat, Zscaler, Websense, and many more. Invest in one of these and deploy it at enterprise level. This basically means all endpoints should be covered under the umbrella of a web filtering solution. Give preference to a cloud web filtering solution; this is very good for endpoints which are traveling around, connecting to multiple networks apart from the corporate network. There are web filtering solutions even for home use; Google for it, there are wonderful solutions out there. This is a worthwhile investment.

Next point: invest in a rock-solid email filter. For corporates having their own email hosting, install an enterprise email filtering solution such as Barracuda, Symantec, Trend Micro, etc.; there are many out there. Do your due diligence, find out which is good for your company, get it installed. All email should come through a filtering solution. Your email filter will block junk and spam emails, which is very important for the company and very important for end users. In spite of having a junk and spam email filter in place, there is a possibility that a certain percentage of spam emails could trickle in, and this is where the user education would come into play. If you have educated your users and made them security savvy, they will be smart enough to avoid clicking such emails.

Next important point: invest in rock-solid endpoint protection. Apart from the signature-based prevention technique and the machine learning techniques, the protection program should also provide exploit protection and prevention technology. This would practically seal the exploits that are still not fixed with software patches. This could even sandbox whole releases of software, legacy software that cannot be updated due to critical application dependencies; there could be software which uses an old version of Java, and this could create a threat on the endpoints as well as on the servers. Sandboxing is a good option provided by some of the protection software. The product should also have a streaming prevention technique. This is something new; Carbon Black is a protection suite that uses streaming prevention techniques. In this approach individual machine activities are monitored and profiled; they are categorized and a trust level is assigned. Now, in the course of activities performed on a machine, the defense layer will continue to monitor behind the scenes, and as soon as an activity deviates from the existing profiles or is getting into a low trust zone, the defense layer would raise an alarm and prevent the wrongdoing before it actually happens. It should be noted that, as the protection software is continuously monitoring behind the scenes, learning from the activities that are being performed on the machine and profiling them, it is possible that a good amount of false positives are raised in the initial days and admins will be involved in clearing up such alarms. It would happen in the initial days, and after a period of learning the software becomes smart enough to understand what is the right profile and what is deviating from the expected workload on the machine.

Here are some of the examples of protection suites which are available in the market. Apart from these there are a lot more antivirus and anti-malware protection suites out there; do your due diligence, look at all the software, find out what is the best fit for your organization. Here are corporates like Bitdefender, Trend Micro, Malwarebytes, Kaspersky, McAfee, Symantec, Carbon Black (which I just talked about in the previous point), etc. Now, it is possible that you can deploy more than one protection layer on an endpoint. For example, you could have the Defender antivirus protection running on your machine and you could double it up with Malwarebytes, or you could have Trend Micro and you can add a Malwarebytes layer on top of it. The advantage here is that the traditional antivirus software are very good at protecting against the older generation of threats which have existed for years, and software such as Malwarebytes are very good at identifying and blocking the modern generation of threats.

Here are some examples of fileless malware: Phasebot, Angler, Trojan Kovter, Poweliks. This completes my presentation. Fileless malware has been in existence for a few years but not many attacks have been reported. This is one of the areas which would be a cause of concern going forward, because not many protections exist and it's not easy to detect such kind of attacks. No matter what kind of prevention techniques you use, it is difficult to identify such attacks which are residing in memory and then trying to identify loopholes or exploits on your system. Thank you for your patience. I hope this video was useful in explaining what fileless malware is and what you can do. Apart from what I have highlighted over here, there is a lot of change happening in the security domain; it is important that subject matter experts keep themselves updated about the latest and propose the right protection layer for companies as well as for home use.
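The registry persistence and PowerShell/WMI piggybacking described in the video lend themselves to a simple defensive autorun check. The Python script below is an added example, not code from the video or from the digbytes channel: it scores constructed Run-key values with heuristics (encoded or hidden PowerShell, a script body read from the registry instead of a file, a script-protocol launch through a trusted Windows binary). The value names, command lines and the `HKCU:\Software\Example` path are all constructed for illustration.

```python
"""Flag autorun (registry Run-key) entries that look like fileless persistence.

Heuristics only: an autorun value that launches a script interpreter
(powershell, wmic, mshta, rundll32, regsvr32) with an encoded or hidden
command line, that pulls its script from the registry rather than from a
file on disk, or that fetches code over the network. All sample entries
below are constructed; on a real host you would feed in the values
enumerated from HKCU/HKLM ...\CurrentVersion\Run with the winreg module.
"""
import re
from dataclasses import dataclass, field

INTERPRETERS = ("powershell", "pwsh", "wmic", "mshta", "rundll32", "regsvr32")

SUSPICIOUS_PATTERNS = {
    "encoded_command": re.compile(r"-(e|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I),
    "hidden_window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "registry_script": re.compile(r"Get-ItemProperty|HKCU:|HKLM:|\\Registry\\", re.I),
    "script_protocol": re.compile(r"\b(javascript|vbscript):", re.I),
    "remote_load": re.compile(r"DownloadString|IEX|Invoke-Expression|https?://", re.I),
}

@dataclass
class Finding:
    name: str
    command: str
    reasons: list = field(default_factory=list)

def analyze_autorun(name, command):
    """Return a Finding listing the matched heuristics, or None if the entry looks clean."""
    if not any(tool in command.lower() for tool in INTERPRETERS):
        return None  # not an interpreter launch, e.g. an ordinary application binary
    reasons = [label for label, pat in SUSPICIOUS_PATTERNS.items() if pat.search(command)]
    return Finding(name, command, reasons) if reasons else None

def scan_autoruns(entries):
    """Run analyze_autorun over a {value_name: command_line} mapping and keep the hits."""
    return [f for f in (analyze_autorun(n, c) for n, c in entries.items()) if f]

# Constructed sample Run-key values: one benign, three in the style the video describes.
SAMPLE_RUN_KEYS = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    # encoded + hidden PowerShell; the base64 is meaningless filler, not a real payload
    "Updater": "powershell.exe -w hidden -enc QQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEAQQBBAA==",
    # script body stored in the registry and executed from memory, nothing on disk
    "Loader": r'powershell.exe -NoProfile -c "iex (Get-ItemProperty -Path HKCU:\Software\Example).Script"',
    # script-protocol launch through a trusted Windows binary
    "Helper": 'mshta.exe "javascript:close()"',
}

if __name__ == "__main__":
    for hit in scan_autoruns(SAMPLE_RUN_KEYS):
        print(f"[!] {hit.name}: {', '.join(hit.reasons)}\n    {hit.command}")
```

Treat the hits as triage leads rather than verdicts: a legitimate admin script can use `-WindowStyle Hidden`, so pair this with the behavioural monitoring the video recommends.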
Info
Channel: digbytes
Views: 6,254
Rating: 3.974359 out of 5
Keywords: fileless, malware, protection, threat, exploit, vulnerabilities, digbytes
Id: JclfXNpxUYg
Length: 14min 47sec (887 seconds)
Published: Tue Jul 18 2017