You can’t protect what you can’t see. Process memory still goes unseen by most security tools, making memory the perfect target for cyber attackers. Recent in-memory attacks include GreyEnergy, BlackEnergy, WannaCry, NotPetya, Industroyer, Triton, Spectre and Meltdown. All of these attacks easily bypassed conventional security products.
While security solutions are still focusing on file-based attacks, advanced hackers have gotten creative. They’ve found ways to dig beneath the surface and manipulate binaries at the memory level, or to use fileless malware (such as scripts and interpreted code) that activates legitimate tools already on the victim’s system, such as PowerShell or JavaScript, as demonstrated in the recent Ursnif banking Trojan. The security perimeter is no longer a fence that can keep out the bad guys, because they’ve figured out how to dig a tunnel under your feet.
Sophisticated, multi-pronged techniques target applications at the memory level to infiltrate and hijack valuable data.
Attack types include:
- Zero-day attacks
- Fileless malware
- Buffer overflow exploits
- Stack smashing
- DLL injection & execution
- Return-oriented programming (ROP), ROP gadgets
- Side channel attacks
- Corruption of configuration data
- Spectre & Meltdown
Because of these tactics, the Ponemon Institute has stated that a fileless attack is 10 times more likely to succeed than a file-based attack. What’s more, memory-based attacks account for a growing share of cyber attacks overall – close to a third of attacks in 2018, up from 20% in 2017. We expect this rising trend to continue in 2019.
Further resources:
You Must Remember This: Memory-Based Attacks Are the New Battleground