Analysis of Advanced Volatile Threats Using Memory Forensics

Abstract

Malwares has always been one of the greatest threat actors for the organizations with their digital information infrastructure. Malware is any malicious program, file or executable whose prime purpose is to gain an unauthorized access or cause harm to the computer or the network system. It has always been a subject of concern for computer experts or even the users as the harm due to different types of malwares is increasing exponentially. Malware can be in any form i.e.; virus, computer worm, Trojan, phishing frauds etc. These threats actors are constantly evolving with a new and sophisticated ways to avoid detection and successfully perform the attacks. The rising power and ambitions were specially seen during year 2017 and the current year that is 2018. It was observed that during year 2017, almost 230000 malware samples were produced daily and around 4000 ransomware attacks threatened the organizations. Year 2017 also saw a sharp increase in the amount of fileless malware attacks, which grew by approximately 50% in 2017. Fileless malwares poses a threat to organizations and a big challenge for the information security professionals, mainly due to its use of different non-executable file formats for infection. Therefore, it becomes very difficult to detect such threats. These threats also pose challenge for detection due to its ability to execute its malicious logic exclusively in memory. This paper analyses in detail the file less malwares along with the similar volatile threats. As a solution, a tool has been proposed which can be useful in detecting such threat factors.