Fileless Attack - Detecting the Undetectable - Carolina Valencia, Aqua Security
Abstract
A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected. In a fileless attack, the malware is directly loaded into memory and executed, evading common defenses and static scanning. Often, attackers may also use compression or encryption to cloak the malware file to avoid detection. Most commonly used against Windows, we have recently seen a growing trend in its use against Linux, and, more specifically, within containers. In this guide, we will break down a fileless attack by creating a fileless demo and detecting unexpected activity with eBPF tools in the Cloud Native Security Runtime Space: Falco, Tracee, and Tetragon.