Posts

Showing posts from March, 2021

File-less malware : Facelift of APT (Slice - 1)

File-less threats are not new to Blue Teams. They have been an integral part of threats in the wild. Since being introduced in mid-2014, this technique has been very difficult to detect and even harder to defend against for Blue Teams. Such malware also quickly became one of the primary ways to establish a persistent threat, especially in the manufacturing industry. These threats mostly spread through email, because in organizations removable media is disabled and downloads from unknown sources are also blocked by the admin. When the user downloads and unzips the zip file, an auto-executable file starts by itself. In organization-level security policies, JavaScript is a weak point, as there is almost no way to restrict it: most modern websites depend on JavaScript. File-less threats use that loophole and create a registry entry containing malicious JavaScript. While the browser runs that script, it alters critical processes like PowerShell. As there is less provision for Blue Teams / SOC teams to peek ...