Sankei learned on August 19 that a new type of cyberattack is on the rise in Japan: the so-called fileless attack, which can infect computers through emails that have no computer virus attached. Attackers have devised a way to embed a malicious program that gives them remote access to the victim's computer and lets them download viruses under the guise of normal operation, making detection very difficult. Experts are raising an alarm over this latest "undetectable" threat.
According to information security companies, the first domestic case of the fileless infection method was detected around October of last year, when fake emails were sent to academic institutions and IT companies. Around the same time, government and financial institutions overseas were targeted. In every case the purpose of the cyberattacks appears to be the theft of information.
Cybercriminals gain remote control of Windows PowerShell (PS), the standard administrative tool Microsoft builds into Windows, by getting users to open a file attached to a fake email that has an illicit program embedded in it. PS is a versatile tool that allows remote access and execution of a wide range of functions, so it can cause significant damage once it is hijacked.
Conventional viruses are attached to fake emails as stand-alone executable files, which can run functions on their own in the same way that spreadsheet and word-processing software does. The file extension that indicates the file type typically ends in exe.
The fileless malware, by contrast, uses file extensions such as LNK that are not executable formats. The script cannot achieve its ultimate goal of acquiring information on its own, since it is not the main virus. It is nonetheless a potent means of attack, because it contains instructions that can manipulate PS.
Until it is detected, it continues to send commands to download various viruses through servers dedicated to remote access, expanding its capabilities. The downloaded viruses can hide in a space that is hard to detect, allowing the assault to continue.
PS is a legitimate administration tool used for penetration testing and maintenance, which makes detection almost impossible: anti-malware tools treat malicious activity carried out through PS as legitimate.
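The LNK-to-PowerShell delivery chain described above can be checked for by inspecting the shortcut file itself, before any payload is fetched. The following Python script is an added example, not code from Sankei or Trend Micro: it parses the Shell Link binary format (the 76-byte header, the optional target ID list and LinkInfo blocks, then the StringData fields) to pull out the relative path and command-line arguments, and flags common PowerShell abuse indicators together with a ShowCommand value that would hide the launched window. The two sample shortcuts, the indicator names and the placeholder encoded command are constructed for this demo; the samples carry no target ID list, so they are not launchable shortcuts.

```python
"""Inspect a Windows .LNK (Shell Link) file for signs that it launches PowerShell.

Added example for this article; the sample shortcuts below are constructed.
Format reference: the MS-SHLLINK ShellLinkHeader, LinkTargetIDList, LinkInfo
and StringData structures.
"""
import re
import struct

LNK_HEADER_SIZE = 0x4C
# CLSID 00021401-0000-0000-C000-000000000046 in on-disk (little-endian) layout
LNK_CLSID = bytes.fromhex("0114020000000000C000000000000046")

# LinkFlags bits that decide which optional structures follow the header
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

SW_SHOWNORMAL = 1
SW_SHOWMINNOACTIVE = 7  # target starts minimized; often used to hide a console

# Heuristic indicators (names are our own) matched against the lower-cased
# relative path, working directory and arguments of the shortcut.
INDICATORS = {
    "powershell_launch": re.compile(r"powershell"),
    "encoded_command": re.compile(r"-e(?:nc|ncodedcommand)?\b"),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden"),
    "execution_policy_bypass": re.compile(r"bypass"),
    "download_cradle": re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b"),
    "invoke_expression": re.compile(r"\biex\b|invoke-expression"),
    "base64_decode": re.compile(r"frombase64string"),
}


def _read_string(data: bytes, offset: int, unicode: bool):
    """Read one StringData entry: CountCharacters (2 bytes) then the text."""
    (count,) = struct.unpack_from("<H", data, offset)
    offset += 2
    if unicode:
        text = data[offset:offset + count * 2].decode("utf-16-le", errors="replace")
        offset += count * 2
    else:
        text = data[offset:offset + count].decode("cp1252", errors="replace")
        offset += count
    return text, offset


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags, ShowCommand and the StringData fields of a shell link."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    (header_size,) = struct.unpack_from("<I", data, 0)
    if header_size != LNK_HEADER_SIZE or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link header")
    (flags,) = struct.unpack_from("<I", data, 20)
    (show_command,) = struct.unpack_from("<I", data, 60)
    offset = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # skip IDListSize + IDList
        (id_list_size,) = struct.unpack_from("<H", data, offset)
        offset += 2 + id_list_size
    if flags & HAS_LINK_INFO:                # LinkInfoSize includes itself
        (link_info_size,) = struct.unpack_from("<I", data, offset)
        offset += link_info_size
    unicode = bool(flags & IS_UNICODE)
    info = {"flags": flags, "show_command": show_command}
    for flag, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon_location")):
        if flags & flag:                      # StringData entries appear in this fixed order
            info[name], offset = _read_string(data, offset, unicode)
    return info


def assess_lnk(data: bytes) -> dict:
    """Parse a shortcut and list the indicators found in its launch details."""
    info = parse_lnk(data)
    launch_text = " ".join(info.get(k, "") for k in ("relative_path", "working_dir", "arguments")).lower()
    hits = [name for name, rx in INDICATORS.items() if rx.search(launch_text)]
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        hits.append("show_command_minimized")
    return {"arguments": info.get("arguments", ""), "indicators": hits, "suspicious": bool(hits)}


def build_sample_lnk(arguments: str, show_command: int = SW_SHOWNORMAL, relative_path: str = "") -> bytes:
    """Construct a minimal header + StringData blob for testing (no ID list, no LinkInfo)."""
    flags = IS_UNICODE | HAS_ARGUMENTS | (HAS_RELATIVE_PATH if relative_path else 0)
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack("<II", flags, 0)
    header += b"\x00" * 24                    # CreationTime, AccessTime, WriteTime
    header += struct.pack("<IIIHHII", 0, 0, show_command, 0, 0, 0, 0)
    body = b""
    for text in (relative_path, arguments):   # relative path precedes arguments
        if text:
            body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


# Constructed samples: the encoded command is just base64 of "PLACEHOLDER".
SAMPLE_ARGS = "-NoProfile -WindowStyle Hidden -EncodedCommand UExBQ0VIT0xERVI="
MALICIOUS_SAMPLE = build_sample_lnk(
    SAMPLE_ARGS, show_command=SW_SHOWMINNOACTIVE,
    relative_path=r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe")
BENIGN_SAMPLE = build_sample_lnk("/C echo hello", relative_path=r"..\..\Windows\System32\cmd.exe")

if __name__ == "__main__":
    for label, blob in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, assess_lnk(blob))
```

The indicator list is deliberately a heuristic: a shortcut that launches `powershell.exe` with a hidden window and an encoded command is a strong signal in mail attachments, but the same parser is what lets a mail gateway or endpoint agent see the launch details at all, since the payload that follows never touches disk as a conventional executable.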
“It’s the most evolved in that it can hide itself,” warns Katsuyuki Okamoto, a security evangelist at Trend Micro, a Tokyo-based information security company.