skip to main content

Ovum view


Fileless malware is exactly that: there are no files. The malware executes in memory with no footprint, and is therefore much more likely to succeed in its unwanted endeavors than “traditional” malware that leaves a trail. Fileless malware is also less likely to attract the attention of security analysts and associated antivirus (AV) and antimalware technology, and layered security and patching are needed.

Easily available toolkits increase prevalence of fileless malware

Organizations are widely aware of fileless malware. Ovum’s ICT Enterprise Insights survey shows network security, and security and vulnerability management, as the leading investment priorities for enterprises across the globe. However, countering it is complex because the lack of a signature makes it hard to detect by traditional AV software. Although fileless malware has been around for years, it has risen in prevalence recently, with easily available toolkits for threats to take advantage of.

Fileless malware uses frameworks and tools that are available on the targeted device. PowerShell, the Microsoft task-based command-line shell and scripting language, is often used, as are unsecured macros. Executed commands are assumed to be okay because they are executed by the machine, leaving the door open to an extended and undetected fileless malware attack over days and months.

Inadequate patch management is the cause of many malware infections, including fileless malware. Maintaining a comprehensive patch-management program for operating systems as well as installed software is essential if organizations are to protect themselves. There are no shortcuts to patch management, and the activity demands formal recognition within the organization.

Other approaches to addressing fileless malware include ensuring that non-essential capabilities are disabled on devices, despite business users’ calls for “open” devices to aid efficiency, and using behavioral detection to alert security analysts to unexpected activity and behavior on a device.

There are many other threat protection solutions and approaches available that can operate alongside traditional antivirus to address fileless malware. Overall, organizations should ensure they are patched in a timely manner and that layers of security are deployed so that threats will switch their attention to another organization that is perhaps less secure. Don’t let that be your organization.

This report was originally published in Computer Weekly (see Appendix) by Ovum research director Maxine Holt.


Further reading

ICT Enterprise Insights 2017/18 – Global: ICT Drivers and Technology Priorities, PT0099-000002 (September 2017)

On the Radar: Carbon Black defends against malware and file-less attacks, IT0022-001039 (July 2017)

Hackers, malware and insiders are present and active inside your security firewall, IT0022-000308 (February 2015)


Maxine Holt, Research Director, Infrastructure Solutions

[email protected]