Optiv Cybersecurity Dictionary

What are Fileless Attacks?

Fileless attacks inject malicious code into RAM memory and exploit approved applications on targeted devices to achieve their objectives and thwart detection.


With traditional file-based malware, the attacker must write a file to the local drive of the targeted device, which is an action that's more easily detected by modern security controls. By contrast, fileless attacks inject malicious code only into RAM memory (hence fileless) and exploit approved applications on targeted devices. This makes them far more difficult to detect. Fileless attacks commonly exploit administrative utilities such as Windows Powershell or Windows Management Instrumentation (WMI). 

Contact Us