Sagacent's Blog

Sagacent has been serving the San Jose area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Fileless Attacks: What Are They and How Can You Prevent Them?


Given that the average business could be looking at a price tag of $3.6 million for a data breach, it's not worth leaving yourself vulnerable. Through lawsuits, a damaged reputation, and the loss of future profit, data breaches can destroy a company's bottom line. To protect your profits and data, you need to take steps to defend against fileless attacks. What are these attacks and how can you protect yourself?

Here are 4 things you need to know about fileless attacks to help you guard against them.

1. They Depend on Trusted Software

Firmware and operating systems have all kinds of built-in alarms that scan to determine whether or not something belongs on your system. Fileless attacks, or non-malware attacks, exploit this fact by hiding inside software that you trust. Once that software is loaded, the attack can take control of your computer and achieve its objectives without downloading any software that would trigger your security programs.

For example, they're known to be able to use PowerShell, a key component of Windows' internal management software, to attack systems. They accounted for nearly half of the attacks made in the last year.

2. They Get a Hold of Important Information

Fileless attacks focus on getting ahold of privileged user information once they're inside a system. They try to attack high-level users so that they can capture coveted passwords and usernames.

They'll go into domain accounts or, worse, become IP administrators and begin to fish around your system. They'll attack from the ground up without running any malware. Once they have the keys to the castle, it can be hard to keep them out of your system.

Using phishing attacks, they'll take everything they can get their hands on and put your company in a difficult situation.

3. Accounts Need to Be Protected

Personal accounts are some of the easiest to infiltrate. They won't be monitored by your security software the same way as higher-level accounts. A nefarious hacker could get in and the issues could quickly escalate.

They might even get into a local admin account. These accounts might be used for testing by entire teams and not tied to a specific person. Thus, they may go unmonitored and are at risk of being compromised.

Leaving the doors unlocked like that is a liability, making these types of local admin accounts risky to your data.

4. Beware of Abandoned Credentials

Make sure that you're scrubbing your credentials every few months. You should have a system in place that requires users to change their passwords every few weeks. This process helps you protect all of your credentials.

If you have a former employee's account just sitting around, someone could easily hack into it and get access to your system. If you're not decommissioning old employee accounts, you're leaving yourself open to being hacked.

Make sure your network is secure and that abandoned credentials don't give others easy network access.
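The account hygiene described in points 3 and 4 can be run as a recurring audit. The following Python sketch is an added example, not code from Sagacent: it reviews a constructed account export and flags enabled accounts that belong to former employees, shared local admin accounts with no named owner, idle accounts, and old passwords. The column names, the leaver list, and the 90-day and 42-day thresholds (standing in for "every few months" and "every few weeks") are assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample export of an account inventory (not real data).
# Column names are assumptions made for this example.
SAMPLE_EXPORT = """\
name,type,owner,enabled,last_logon,password_set
jsmith,domain,jsmith,true,2024-05-28,2024-05-01
qa-admin,local_admin,,true,2024-05-30,2022-01-10
mlee,domain,mlee,true,2023-11-02,2023-10-15
bkhan,domain,bkhan,false,2023-08-19,2023-08-01
svc-test,local_admin,,true,2023-12-01,2023-12-01
"""

# Constructed list of people who have left the company (e.g. from HR).
FORMER_EMPLOYEES = {"mlee", "bkhan"}


def audit_accounts(export_text, leavers, today, stale_days=90, max_password_days=42):
    """Return {account name: [findings]} for enabled accounts that need review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # already decommissioned, nothing to flag
        issues = []
        if row["owner"] in leavers:
            issues.append("owner has left the company")
        if row["type"] == "local_admin" and not row["owner"]:
            issues.append("shared local admin with no named owner")
        idle = (today - date.fromisoformat(row["last_logon"])).days
        if idle > stale_days:
            issues.append(f"no logon for {idle} days")
        age = (today - date.fromisoformat(row["password_set"])).days
        if age > max_password_days:
            issues.append(f"password is {age} days old")
        if issues:
            findings[row["name"]] = issues
    return findings


if __name__ == "__main__":
    report = audit_accounts(SAMPLE_EXPORT, FORMER_EMPLOYEES, date(2024, 6, 1))
    for name, issues in report.items():
        print(f"{name}: " + "; ".join(issues))
```

Feeding the function a real export from your directory or endpoint management tool, on a schedule, turns the review into one of the "triggers" that warns you before an abandoned account is abused.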

Prevent Fileless Attacks

While it's hard to stop fileless attacks altogether, they can be slowed or stopped before they get out of hand. If you manage your credentials religiously and put up some triggers, you could at least get a warning about suspicious activity.

If you're considering training your employees on what to do in a security breach, check out our guide.

Sagacent Technologies offers technology management and support, including proactive/preventative maintenance, onsite and offsite data back-ups, network and security audits, mobility solutions, disaster planning and emergency business resumption services. The company serves clients of 10 to 150 employees within the Silicon Valley region.