Cyberthreats, viruses, and malware - Microsoft Security Intelligence (original) (raw)
Running code with system tools
Sophisticated attacks avoid dropping files and instead rely on system tools to run malicious code directly from remote or hidden sources. The absence of files leaves AV scanners without the necessary triggers and forensics without persistent artifacts to recover. While security solutions have evolved, many don’t check memory or review behaviors at runtime. Some rely on static approaches that don’t dynamically recognize new attack methods.
Fileless in more ways than one
Attacks can go fileless in many ways. Attackers often use scripts, but they also attempt to inject code into memory, hijack COM objects, and even insert malicious code into firmware. Although these fileless techniques have figured in targeted attacks, they have become more common in commodity malware campaigns.
Protect with Microsoft Defender for Endpoint
Microsoft Defender for Endpoint provides several layers of defenses, including next-generation antivirus protection powered by behavior monitoring and runtime script analysis. Both AV and EDR sensors use machine learning algorithms that actively learn from both static and behavioral data to identify new fileless attacks.