As discussed in Part 1, nearly 80% of successful cyber attacks utilized fileless methods in 2017. Part 2 will discuss Antivirus Solutions Augmented and Five Methods for Reducing Vulnerability.
Antivirus Solutions Augmented
The effectiveness of fileless attacks diminished the confidence of organizations in their current security software in 2017. Fewer than 33% thought their existing antivirus solution could prevent this threat. Thus, a great majority are exploring new technologies. 83% of companies either replaced or augmented their antivirus solutions last year.
33% of respondents acknowledged replacing their antivirus solution or deploying the latest endpoint solution. 50% of companies retained existing antivirus software and augmented it with solutions providing increased protection and capabilities. However, just 54% of those surveyed believed the attacks could be prevented.
Five Methods for Reducing Vulnerability
The five methods listed below can significantly reduce an organization’s vulnerability to fileless attacks.
1) Block Activity
Detecting and blocking fileless attacks depends on the ability to spot malicious behaviors before damage occurs. If your organization has adequate manpower and resources, enabling and monitoring extended PowerShell logging will help detect suspicious scripts. Some endpoint protection solutions block malicious scripts automatically.
2) Beware of Macros
Users should be suspicious of Microsoft Office documents that ask them to enable macros. These requests are usually disguised as a way to enable content. Use endpoint protection that blocks malicious macros before they can execute. Regarding Microsoft Office, be sure to take steps to block Dynamic Data Exchange (DDE) attacks aimed at infecting endpoints with Locky ransomware.
3) Disable Unused System Admin Tools
Enabled yet unused system admin tools such as PowerShell aren’t worth the risk. When disabling is not possible, use Constrained Language Mode to limit PowerShell to basic functionality. This will render numerous fileless attack methods unusable.
4) Patching
It should be standard IT security policy at every company to always patch software and operating systems.
5) Limit Access and Privileges
An organization’s user access and privileges should be limited to the absolute minimum needed. Microsoft’s Just Enough Administration solution can give you a hand.
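An added example for methods 1 and 3 (not part of the original article): a read-only PowerShell audit that reports whether extended logging is enabled by policy, whether script block events are actually being written, and which language mode the current session runs in. The registry locations are the standard Group Policy paths for PowerShell logging; the helper name Get-PolicyValue is invented for this example.

```powershell
# Added example: read-only audit of the PowerShell settings behind methods 1 and 3.
# Standard Group Policy location for PowerShell logging policies.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Hypothetical helper: returns the policy value, or $null when it is not configured.
function Get-PolicyValue {
    param([string]$SubKey, [string]$Name)
    $item = Get-ItemProperty -Path "$policyRoot\$SubKey" -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$checks = @(
    @{ Setting = 'Script block logging'; SubKey = 'ScriptBlockLogging'; Name = 'EnableScriptBlockLogging' },
    @{ Setting = 'Module logging';       SubKey = 'ModuleLogging';      Name = 'EnableModuleLogging' },
    @{ Setting = 'Transcription';        SubKey = 'Transcription';      Name = 'EnableTranscripting' }
)

# Method 1: a policy counts as enabled only when its value is exactly 1.
$report = @(foreach ($c in $checks) {
    $value = Get-PolicyValue -SubKey $c.SubKey -Name $c.Name
    [pscustomobject]@{
        Setting = $c.Setting
        Value   = if ($null -eq $value) { 'not configured' } else { $value }
        Pass    = ($value -eq 1)
    }
})

# Confirm that script block events (ID 4104) are actually reaching the log,
# since an enabled policy with an empty log still leaves nothing to monitor.
$lastEvent = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
} -MaxEvents 1 -ErrorAction SilentlyContinue
$report += [pscustomobject]@{
    Setting = 'Most recent 4104 event'
    Value   = if ($lastEvent) { $lastEvent.TimeCreated } else { 'none found' }
    Pass    = [bool]$lastEvent
}

# Method 3: FullLanguage means Constrained Language Mode is not applied to this session.
# System-wide enforcement comes from application control policy (AppLocker or WDAC),
# so run the audit as the kind of user whose sessions you intend to restrict.
$mode = $ExecutionContext.SessionState.LanguageMode
$report += [pscustomobject]@{
    Setting = 'Language mode (this session)'
    Value   = $mode
    Pass    = ($mode -eq 'ConstrainedLanguage')
}

$report | Format-Table -AutoSize
```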
Alpha Engineering Business Support
Choosing an expert computer technology-support provider is an important decision for your business. Alpha Engineering Associates has been a trusted partner of many companies in the Washington, Baltimore and Annapolis areas since 1990. For affordable client-focused network consulting services and solutions, please call Alpha Engineering Associates today at (410) 295-9500.