Abstract

Cyber-attack techniques are advancing as rapidly as the measures for detecting, analyzing and preventing them. Attackers have recently turned to fileless malware, which can bypass existing security mechanisms because it leaves little or no payload on disk for file-based scanners to inspect. Researchers publish reports to help discover fileless malware and to understand the scope of the threat in order to counter it, but with few studies addressing its classification and scale, fileless malware has not been analyzed thoroughly. In this paper we therefore survey the most recent advances in fileless malware prevention and detection and highlight open research challenges. We also propose an analytical approach based on the attack strategies and attributes of the selected sample. Our method simplifies feature extraction and reduces processing load, and unlike static analysis it does not require decompression or unpacking before analysis. We applied the proposed method to a real case, the fileless malware family known as "Kovter", and show that information about its detection, working mechanism and attack method can be obtained. The approach can be applied as a new technique for fileless malware detection to protect systems from this class of threat. The paper also provides an overview of the fileless malware threat and a basic review of the methods and techniques used to detect and analyze fileless malware attacks.
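The detection side of such an approach, as an added example that is not part of the paper or its code: a small Python heuristic over Windows Run-key autostart entries. It looks for the persistence pattern Kovter is known for, a Run value that launches a script host (mshta, PowerShell, wscript) with inline or base64-encoded script which pulls the real payload from a second registry value, so that nothing worth scanning is written to disk. The key contents, value names, the `Xq9p` registry path and the payload text in `SAMPLE_RUN_KEY` are constructed for illustration and the indicator names are this example's own; the paper's actual feature set is not reproduced here.

```python
import base64
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Executables that run code handed to them on the command line or fetched from
# elsewhere; a Run value pointing at one of these instead of at a payload on
# disk is the pattern to look at first.
SCRIPT_HOSTS = {"mshta", "powershell", "pwsh", "wscript", "cscript", "rundll32", "regsvr32"}

ENCODED_RE = re.compile(r"-(?:encodedcommand|enc|ec|e)\b\s+([A-Za-z0-9+/=]{16,})", re.I)
# Drive-letter path to a program or script; the lookbehind keeps "HKCU:\..." from matching.
PATH_RE = re.compile(r"(?<![A-Za-z])[A-Za-z]:\\[^\"\s]*\.(?:exe|dll|ps1|js|vbs|hta|bat|cmd|scr)\b", re.I)

# Second-stage PowerShell (constructed): decode and run whatever sits in a registry value.
_STAGE2 = "iex ([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String((gp 'HKCU:\\Software\\Xq9p').a1)))"

# Constructed HKCU\...\Run values, not data from the paper. The second and third
# mimic a Kovter-style registry-resident launch chain; the others are benign.
SAMPLE_RUN_KEY = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "b4f2c9": r'mshta "javascript:k=new ActiveXObject(\"WScript.Shell\");eval(k.RegRead(\"HKCU\\Software\\Xq9p\\a1\"));close();"',
    "Updater": "powershell.exe -w hidden -nop -enc "
               + base64.b64encode(_STAGE2.encode("utf-16-le")).decode("ascii"),
    "Sidebar": r"C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
}


@dataclass
class Verdict:
    name: str
    indicators: List[str] = field(default_factory=list)
    decoded: Optional[str] = None  # plaintext of a -EncodedCommand argument, if any

    @property
    def suspicious(self) -> bool:
        # One indicator alone (e.g. a PowerShell logon script) is too noisy; two or more is not.
        return len(self.indicators) >= 2


def launcher(cmd: str) -> str:
    """Basename of the first token without .exe; a quoted path is honoured,
    an unquoted path containing spaces is not (a known ambiguity of Run values)."""
    m = re.match(r'\s*"?([^"\s]+)', cmd)
    token = m.group(1) if m else ""
    return re.split(r"[\\/]", token)[-1].lower().removesuffix(".exe")


def decode_encoded_command(cmd: str) -> Optional[Tuple[str, str]]:
    """Return (base64 blob, decoded text) for a -EncodedCommand argument.
    PowerShell requires the blob to be UTF-16LE; anything else is left alone."""
    m = ENCODED_RE.search(cmd)
    if not m:
        return None
    try:
        return m.group(1), base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def classify(name: str, cmd: str) -> Verdict:
    v = Verdict(name)
    host = launcher(cmd)
    if host in SCRIPT_HOSTS:
        v.indicators.append("script-host launcher")
    text = cmd
    enc = decode_encoded_command(cmd)
    if enc:
        blob, v.decoded = enc
        v.indicators.append("encoded PowerShell command")
        # Match the later patterns against the plaintext, not the base64 blob.
        text = cmd.replace(blob, "") + "\n" + v.decoded
    if re.search(r"\b(?:javascript|vbscript):", text, re.I):
        v.indicators.append("inline script protocol")
    if re.search(r"RegRead|Get-ItemProperty|\bgp\b|\bHK(?:CU|LM)\b", text, re.I):
        v.indicators.append("reads payload from registry")
    if re.search(r"\biex\b|Invoke-Expression|\beval\s*\(", text, re.I):
        v.indicators.append("dynamic evaluation")
    if re.search(r"-w(?:indowstyle)?\s+hidden", text, re.I):
        v.indicators.append("hidden window")
    if host in SCRIPT_HOSTS and not PATH_RE.search(text):
        v.indicators.append("no on-disk payload")
    return v


def scan(run_key: Dict[str, str]) -> Dict[str, Verdict]:
    return {name: classify(name, cmd) for name, cmd in run_key.items()}


if __name__ == "__main__":
    for v in scan(SAMPLE_RUN_KEY).values():
        print(f"{v.name:10} {'SUSPICIOUS' if v.suspicious else 'ok':10} {', '.join(v.indicators)}")
        if v.decoded:
            print(f"{'':10} decoded: {v.decoded}")
```

Because the heuristic works on the launch command rather than on a file, it does not need the sample unpacked or decompressed; the one decoding step it performs is the UTF-16LE base64 that PowerShell itself mandates for `-EncodedCommand`. On a live host the same `classify` can be fed the output of `reg query` or `Get-ItemProperty` over the HKCU and HKLM Run keys.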

Full Text
Published version (Free)