Doing more with less: a study of file-less infection attacks скачать в хорошем качестве

Doing more with less: a study of file-less infection attacks

This presentation by Benjamin S. Rivera and Rhena U. Inocencio (Trend Micro) was delivered at VB2015 in Prague, Czech Republic. In the past, malware evasion techniques ranged from simple hidden file attributes to more advanced rootkit technology. Recently, however, notable pieces of malware have been using the seemingly contradictory - and arguably more powerful - method of going undetected by file-based anti-virus solutions: going 'file-less'. Indeed, 'file-less' infection opens up a wide range of possibilities for cybercriminals and threat actors as they continue to improve their tools and tactics to ensure that their arsenal stays as long as possible on a target system and to make forensic investigations difficult. Among the real-world examples of this infection technique include threats that abuse Windows PowerShell features, recent attacks launched where malicious codes are injected directly into other processes, and notable malware families where binaries are placed in the registry entries. We will discuss the threat behaviour and technical details of these examples, along with various case studies and incidents we have investigated. As a result, we will gain a thorough understanding of how file-less infection attacks will impact the threat landscape as a whole. We will also discuss how holistic reputation-based technologies will help correlate the components of a file-less attack and create appropriate solutions that will help protect users and organizations from these threats.