Fileless cyberattacks: Analysis and classification

  • Received : 2020.03.10
  • Accepted : 2020.09.10
  • Published : 2021.04.15

Abstract

With cyberattack techniques on the rise, there have been increasing developments in the detection techniques that defend against such attacks. However, cyber attackers are now developing fileless malware to bypass existing detection techniques. To combat this trend, security vendors are publishing analysis reports to help manage and better understand fileless malware. However, only fragmentary analysis reports for specific fileless cyberattacks exist, and there have been no comprehensive analyses on the variety of fileless cyberattacks that can be encountered. In this study, we analyze 10 selected cyberattacks that have occurred over the past five years in which fileless techniques were utilized. We also propose a methodology for classification based on the attack techniques and characteristics used in fileless cyberattacks. Finally, we describe how the response time can be improved during a fileless attack using our quick and effective classification technique.

Cited by

  1. Cyber-Attack Scoring Model Based on the Offensive Cybersecurity Framework vol.11, pp.16, 2021, https://doi.org/10.3390/app11167738