Jeff Tang: Demystifying “Fileless” Malware 


The only difference between a hacker and a remote systems administrator is who is employing them

 -- Unknown

 

Want to hear some numbers that might scare you? Or… they might confirm what you already know. Or… they might just be numbers.

 

63% of IT security professionals say the frequency of attacks has gone up over the past 12 months, according to Ponemon's 2018 State of Endpoint Security Risk report.

 

52% of respondents say all attacks cannot be realistically stopped. Their antivirus solutions are blocking only 43% of attacks.

 

62% of respondents said that their organizations had experienced one or more endpoint attacks that resulted in a data breach.

 -- "6 Ways Malware Can Bypass Endpoint Protection"; Maria Korolov, contributing writer, CSO

 

By now, everyone is familiar with the concept of file-based malware: malware is typically delivered in the form of executable files. When it comes to “fileless” malware, however, there is a lot of confusion and misunderstanding, because the meaning of the term has kept evolving.

 

Fileless malware originally took shape in the form of exploit payloads that resided only in memory and never touched disk. Later on, the endpoint security industry broadened the term to cover file formats that were not traditionally recognized as executable but instead served as host containers for running arbitrary code (documents with embedded macros and scripts, for example). As attackers have revamped their techniques, the term has gone on to include the misuse of built-in operating system utilities to carry out their operations.

 

In this episode of InSecurity, Matt Stephenson spent some time with Jeff Tang to find out what the hell all this means and why it matters. Think you know? You might want to tune in just to make sure.

 

About Jeff Tang

Jeff Tang (@mrjefftang) is a Senior Security Researcher at Cylance focused on operating systems and vulnerability research. He started his career as a Global Network Exploitation & Vulnerability Analyst at the National Security Agency, where he conducted computer network exploitation operations in support of national security requirements. Prior to Cylance, Jeff served as the Chief Scientist at VAHNA, developing a security platform for identifying targeted network intrusions, and also worked as a CNO Developer at ManTech, where he researched tools, techniques and countermeasures in computer network vulnerabilities.

 

Jeff completed his Bachelor of Science (BSc) in Electrical Engineering and Computer Science at the University of California, Berkeley, and a Master of Science (MSc) in Offensive Computer Security at Eastern Michigan University.

 

About Matt Stephenson

 

InSecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV.

 

Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Matt to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come

 

Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.

 

Can’t get enough of InSecurity? You can find us at ThreatVector InSecurity Podcasts, iTunes/Apple Podcasts and Google Play, as well as Spotify, Stitcher, SoundCloud, iHeartRadio and wherever you get your podcasts!

 

Make sure you Subscribe, Rate and Review!