London, UK – June 23, 2017 – This year, the number of sophisticated attacks that use fileless malware increased by 33%. Such attacks are becoming more popular among cybercriminals because they easily bypass antivirus systems and application whitelisting, and they are harder to investigate by the usual methods. One of the latest attacks was carried out against the restaurant business in the US by the FIN7 hacking group. The attackers conducted targeted phishing with well-tailored emails and malicious Word attachments. The Word document executed a fileless attack that used DNS tunneling to deliver Meterpreter to the infected computer. Most modern security systems can’t respond to such an attack, so the hackers managed to install backdoors for subsequent retrieval of financial information.
You can protect yourself against this kind of attack with a SIEM system and the DNS Security Check use case, which alerts you to suspicious surges of DNS activity or traffic tunneling. Also, most fileless attacks use vulnerabilities that can be patched. If a Vulnerability and Patch Management process is implemented in your organization, you can avoid most fileless malware attacks. And not only those: some organizations are still reporting that they have become the latest victims of WannaCry, the security update against which was released in March. SOC Prime’s CyberView platform is a tool for managing your SOC. With its help, you will not only be aware of all the vulnerable assets in the company and the most critical updates you need to install, but you will also be able to evaluate the operations and efficiency of your SOC.