PROTECTING HEALTHCARE ENVIRONMENTS AGAINST FILELESS MALWARE — AND WHAT TO DO IF YOU’RE ATTACKED

Andrew Cauthorn
Published in Datalogic
Aug 15, 2019

A top concern for healthcare organizations has always been the safety of patient data, and rightly so: HIPAA regulations set high standards, and breaking them can result in costly fines. As healthcare systems add more connected medical devices and equipment to their networks, the risk of healthcare security breaches increases.

Today, network security is even harder to preserve than ever before, thanks to cybercriminals adding new methods of attack to their arsenal. One of those techniques — fileless malware — has been contributing to a rise in healthcare security incidents over the last few years. And as we all know, a security threat to a healthcare system can mean more than compromised data; it can mean life and death.

What is Fileless Malware?

Malware, in general, is a term derived from combining the words “malicious” and “software.” In a traditional malware attack, a hacker installs software on the victim’s device with the intent of damaging the machine, stealing data, and wreaking havoc. There are many types of malware, including viruses, spyware, and ransomware, which locks down a computer and holds the data ransom until the victim pays up.

A modern spin on malware is fileless malware. As the name suggests, no file or software is installed on the victim’s machine. Instead, fileless malware leverages applications already installed on the device that the user assumes to be safe. Fileless malware attacks live in a computer’s memory (RAM) and run their malicious code through existing applications, like the default Windows tools PowerShell and Windows Management Instrumentation (WMI). Since it doesn’t leave a file behind on the machine, fileless malware is difficult to detect and remove, and can effectively evade most common anti-virus software.

How does a Fileless Malware attack happen?

So, how does fileless malware infect a computer in the first place? Most often, fileless malware attacks are launched through web pages, via scripting languages like JavaScript. The script feeds commands to a built-in tool such as PowerShell; once those commands are loaded, the computer is infected. Macros in Windows and the Flash video player system are other methods hackers use to launch a fileless malware attack.

While fileless malware isn’t technically a virus, it acts similarly, operating in a machine’s memory, but without being stored in a file on the device. This means fileless malware only exists as long as the machine is turned on. Turn the machine off, reboot it, and the threat is gone.

Why is Fileless Malware so dangerous?

Since fileless malware attacks are carried out by hijacking Windows tools that are already installed on a computer, rather than dropping a file on a machine, like traditional malware, they’re much more challenging to defend against. Standard anti-virus software isn’t able to detect these breaches, because there’s no file to detect, and even many advanced security tools struggle with identifying malicious use of PowerShell. In the end, this makes fileless malware attacks much more likely to succeed.

A second, and even more devastating, effect of fileless malware attacks is that the Windows applications they infect — PowerShell and WMI — carry out system tasks for multiple endpoints. Therefore, anyone with access to these applications has access to every other machine with which the application communicates. All a hacker needs is the user name and password for one machine to compromise the entire network.

How to defend against fileless malware attacks in the healthcare space

Healthcare security incidents have been on the rise for the last few years, with fileless malware attacks leading the way. Since these attacks are so stealthy and defending against them can be so challenging, it’s wise to follow the age-old saying that prevention is the best medicine. The first step? Make sure your Windows security is tight by keeping your software current. Microsoft updates its software regularly to ensure the latest security features are included, like detecting irregular PowerShell activity, so installing the newest versions as they’re made available is critical.

Having visibility into your system and the activity happening on it — as well as being able to control that activity — is also vital to thwarting attacks. If you’re looking for a few simple things you can do to keep your healthcare system safe from fileless malware attacks, consider:

  • Keeping software up to date
  • Securing individual work stations and devices connected to the network
  • Monitoring network traffic and application use
  • Removing unused applications
  • Changing passwords often
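As an added illustration of the “monitoring application use” and “detecting irregular PowerShell activity” points above (example code written for this page, not Datalogic’s or Microsoft’s), the script below scores constructed process-creation records for the launch paths the article describes: PowerShell started by a browser, an Office application (macros) or the WMI provider host, and hidden or encoded invocations. The parent-process list and the `parent=… image=… cmd=…` record format are assumptions.

```python
import re
from typing import Dict, List

# Parent images that rarely have a legitimate reason to start PowerShell:
# browsers, Office apps (macros) and the WMI provider host (assumed list).
SUSPICIOUS_PARENTS = {"chrome.exe", "msedge.exe", "iexplore.exe",
                      "winword.exe", "excel.exe", "outlook.exe", "wmiprvse.exe"}

# Switches that hide the console window or obscure the command being run.
EVASIVE_FLAGS = [
    re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    re.compile(r"-nop(?:rofile)?\b", re.I),
    re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I),
]

# Constructed "parent=... image=... cmd=..." process-creation record format.
RECORD = re.compile(r"parent=(\S+) image=(\S+) cmd=(.*)")

def score_event(parent: str, image: str, cmdline: str) -> List[str]:
    """Reasons one process-creation event looks irregular (empty = benign)."""
    reasons: List[str] = []
    if image.lower() not in {"powershell.exe", "pwsh.exe"}:
        return reasons
    if parent.lower() in SUSPICIOUS_PARENTS:
        reasons.append(f"powershell spawned by {parent}")
    for flag in EVASIVE_FLAGS:
        m = flag.search(cmdline)
        if m:
            reasons.append(f"evasive switch {m.group(0)[:20]!r}")
    return reasons

def find_irregular(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged record to its reasons; benign records are omitted."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        m = RECORD.match(line)
        if m and (reasons := score_event(*m.groups())):  # skips malformed lines
            findings[line] = reasons
    return findings

SAMPLE_LOG = [  # constructed sample telemetry, not from a real system
    "parent=explorer.exe image=powershell.exe cmd=powershell.exe Get-Service",
    "parent=winword.exe image=powershell.exe cmd=powershell.exe -nop -w hidden "
    "-enc QUJDREVGR0hJSktMTU5PUFFSU1RVVlc=",
    "parent=wmiprvse.exe image=powershell.exe cmd=powershell.exe -NoProfile "
    "-WindowStyle Hidden -Command Get-Date",
    "parent=services.exe image=svchost.exe cmd=svchost.exe -k netsvcs",
]
```

Running `find_irregular(SAMPLE_LOG)` flags only the Word-spawned and WMI-spawned PowerShell records; the plain `Get-Service` launch from Explorer and the unrelated svchost record are left alone.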

So if you suspect a machine has been infected? Turn it off. Since fileless malware attacks run in memory, as soon as you turn the infected computer off, all evidence of the attack will be gone. Data may have already been compromised, but shutting down the infected machine will prevent the attack from spreading.
