Doing more with less: a study of file-less infection attacks

Wednesday 30 September 12:00 - 12:30, Green room

Benjamin S. Rivera (Trend Micro)
Rhena U. Inocencio (Trend Micro)

In the past, malware evasion techniques ranged from simple hidden file attributes to more advanced rootkit technology. Recently, however, notable pieces of malware have been using the seemingly contradictory - and arguably more powerful - method of going undetected by file-based anti-virus solutions: going 'file-less'.

Indeed, 'file-less' infection opens up a wide range of possibilities for cybercriminals and threat actors as they continue to improve their tools and tactics to ensure that their arsenal stays as long as possible on a target system and to make forensic investigations difficult. Real-world examples of this infection technique include threats that abuse Windows PowerShell features, recent attacks in which malicious code is injected directly into other processes, and notable malware families whose binaries are placed in registry entries. We will discuss the threat behaviour and technical details of these examples, along with various case studies and incidents we have investigated.

As a result, we will gain a thorough understanding of how file-less infection attacks will impact the threat landscape as a whole. We will also discuss how holistic reputation-based technologies will help correlate the components of a file-less attack and create appropriate solutions that will help protect users and organizations from these threats.

Benjamin S. Rivera

Benjamin Rivera has more than 10 years of experience in information security. Currently, he manages both the threat research team and the training team under the Core Technology operations group at TrendLabs, the global technical support and R&D centre of Trend Micro. He oversees research projects and the engineers' training and development courses to further build expertise in the constantly changing threat and technology landscape. He has previously managed several teams that handle critical incident and threat response, advanced threat analysis, and heuristics. He has spoken at international conferences including the Association of Anti-Virus Asia Researchers (AVAR) and Nullcon Conference. A sports enthusiast at heart, Benjamin runs marathons and plays lawn tennis. He holds a degree in applied mathematics.

Rhena U. Inocencio

Rhena Inocencio has been working for Trend Micro Philippines as a threat researcher since 2011. On a daily basis, she monitors and analyses different threats and creates malware reports for customers. Currently, she is focused on PoS (Point of Sale) malware footprinting, and she also acts as a technical leader for the threat analysis team. During her spare time, she plays the piano and paints (mostly) animal faces and abstracts on canvas. She is a fan of origami and Manga/Manhwa. She is a contributor to the TrendLabs Security Intelligence blog.