[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.4218/etrij.2020-0086

Fileless cyberattacks: Analysis and classification

Lee, GyungMin (School of Cybersecurity, Korea University)
Shim, ShinWoo (Intelligent SW Research Center, LIG Nex1)
Cho, ByoungMo (Intelligent SW Research Center, LIG Nex1)
Kim, TaeKyu (Intelligent SW Research Center, LIG Nex1)
Kim, Kyounggon (School of Cybersecurity, Korea University)

Publication Information

ETRI Journal / v.43, no.2, 2021 , pp. 332-343 More about this Journal

Abstract

With cyberattack techniques on the rise, there have been increasing developments in the detection techniques that defend against such attacks. However, cyber attackers are now developing fileless malware to bypass existing detection techniques. To combat this trend, security vendors are publishing analysis reports to help manage and better understand fileless malware. However, only fragmentary analysis reports for specific fileless cyberattacks exist, and there have been no comprehensive analyses on the variety of fileless cyberattacks that can be encountered. In this study, we analyze 10 selected cyberattacks that have occurred over the past five years in which fileless techniques were utilized. We also propose a methodology for classification based on the attack techniques and characteristics used in fileless cyberattacks. Finally, we describe how the response time can be improved during a fileless attack using our quick and effective classification technique.

Keywords

classification; cyber security; cyberattack; fileless malware;

Citations & Related Records

Reference

1	Sudhakar and S. Kumar, An emerging threat fileless malware: A survey and research challenges, Cybersecurity. 3 (2020), 1-12. DOI
2	The evolution of the fileless click-fraud malware poweliks, https://www.symantec.com/content/dam/symantec/docs/securitycenter/white-papers/evolution-of-fileless-click-fraud-15-en.pdf, Accessed: 06.09.2015
3	G. Lee, K. Kim, and S. Lee, Analysis and detection methods for the fileless in-memory malwares, 2017 Conference on Information Security and Cryptography-Summer, 2017.
4	B. Mo et al., The classification model of fileless cyber attacks, J. KIISE 47 (2020), 454-465. DOI
5	Paul Rascagneres, Poweliks: The persistent malware without a file, 2016.
6	GData, Where we go, we don't need files: Analysis of fileless malware "rozena", https://www.gdatasoftware.com/blog/2018/06/30862-filelessmalware-rozena, Accessed: 08.03.2020
7	MalwarebytesLab, Magniber ransomware: Exclusively for south koreans, https://blog.malwarebytes.com/threatanalysis/2017/10/magniber-ransomware-exclusively-for-southkoreans/, Accessed: 08.03.2020
8	Check Point, Kovter ransomware - the evolution: From police scareware to click frauds and then to ransomware, https://blog.checkpoint.com/2016/04/15/kovter-ransomware-theevolutionfrom-police-scareware-to-click-frauds-and-then-toransomware/, Accessed: 08.03.2020
9	CISA, Petya ransomware, https://www.uscert.gov/ncas/alerts/TA17-181A, Accessed: 08.03.2020
10	A. Berry, J. Homan, and R. Eitzman, Wannacry malware profile, Hentet fra, https://www.fireeye.com/blog/threatresearch/2017/05/wannacry-malware-profile.html, 2017.
11	AhnLab, Asec report vol.88 q3 2017, https://global.ahnlab.com/global/upload/download/asecreport/ASECREPORT_vol.88_ENG.pdf, Accessed: 08.03.2020
12	AhnLab, Asec report vol 91 q2 2018, https://global.ahnlab.com/global/upload/download/asecreport/ASECREPORT_vol.91_ENG.pdf, Accessed: 08.03.2020
13	F. Dang et al., Understanding fileless attack on linux-based IoT devices with HoneyCloud, in Proc. Annu. Int. Conf. Mobile Syst., Applicat., Services (Seoul, Rep. of Korea), June 2019, pp. 482-493.
14	S. Herzog, Ten years after the Estonian cyberattacks: Defense and adaptation in the age of digital insecurity, Georgetown J. Int. Affairs, 18 (2017), 67-78. DOI
15	J.-Y. Kong, J. I. Lim, and K. G. Kim. The all-purpose sword: North korea's cyber operations and strategies, in Proc. Int. Conf. Cyber Conflict (Tallinn, Estonia), May 2019, pp. 1-20.
16	K.-G. Kim, State-sponsored hacker and changes in hacking techniques, 2017.
17	Z. Kim, Attackers stole certificate from foxconn to hack kaspersky with Duqu 2.0, Wired, June 2015.
18	B. S. Rivera and R. U. Inocencio, Doing more with less: A study of file less infection attacks, Virusbulletin, (2015).
19	B. N. Sanjay et al., An approach to detect fileless malware and defend its evasive mechanisms, in Proc. IEEE Int. Conf. Computiational Syst. Inf. Technol. Sustainable Solutions (Bengaluru, India), 2018, pp. 234-239.