Fileless malware, much like what has previously only been seen in nation-sponsored cyberattacks, is now “going mainstream,” as criminal hackers begin using the same in-memory bug on banks, government agencies, and other enterprises across the globe.
Kaspersky Lab in Moscow has published research claiming that at least 140 entities have been infected.
“The so-called fileless malware is unique in its ability to disappear after being installed on a server. Once the attacked computer is rebooted, the malware renames itself, leaving no detectable trace of its existence,” Gizmodo explained. “It can take several months before sysadmins realize the machine has been infected. During that time period, hackers can steal freely from the coffers of the affected enterprise.”
Two years ago, Kaspersky discovered that they themselves had been compromised with in-memory malware that affected their networks directly. The bug, which they named Duqu 2.0, was derived from Stuxnet, the infamous malware developed by the US and Israel to sabotage Iran’s nuclear program. While they have not yet named the in-memory malware they have tracked, the anti-virus company says that it is very similar to Duqu 2.0.
Kaspersky found the malware in over 40 nations, including 21 cases in the United States. They have promised to provide further details about the attacks, as well as the hackers' objectives, during the Security Analyst Summit in St. Maarten in April.
Source: Sputnik News