Fileless malware refers to malware that doesn’t drop a file on a local system. It might have been pulled down by a user’s browser as part of an infected web page or come through a direct push to an unprotected service, such as a management tool running on a user’s PC.
Regardless, old-school methods of treating all malware as files to be scanned won’t work to counter the bevy of modern threats. Here are five ways healthcare managers can protect against new attack vectors.
1. Maintain Local Firewalls on Healthcare PCs
User PCs should not run network-accessible services other than the bare minimum of tools necessary for management. A host firewall running on each end system ensures that no matter what services get started, they won’t be reachable from the network. Your default inbound policy should deny everything, allowing connections only to specific known management tools and only from known management networks.
2. Keep Client Tools Patched and Restricted
Many healthcare tools have moved to browser-based access, and some of those applications still require old browsers, so organizations end up maintaining those browsers to keep the applications working. Patch consistently to avoid getting hit with known threats. Still, the problem will only worsen as Microsoft pressures customers off Internet Explorer and onto Edge. If you can’t eliminate IE, contain the problem by running Windows “Enterprise Mode,” which confines IE11 to a short list of intranet applications and uses Edge for everything else.
3. Review Endpoint Security Policies Regularly
Desktop endpoint security suites have all been updated to counter more sophisticated attacks. If the last time you reviewed your solution’s policy was more than a few years ago, check now to be sure you’ve activated all the protections you paid for. Re-evaluate the costs and benefits of protections you may have disabled to ensure you’re keeping pace with more dangerous threats.
4. Worry About Lateral Movement from Hackers
Attackers use a simple strategy to take over your network: gain a beachhead, move laterally, escalate privileges and repeat. Host-based firewalls are a good start, but managers must also practice network segmentation, even blocking peer-to-peer communications between devices on the same LAN. By controlling flows between devices, you reduce the ability of malware to move laterally.
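The host-firewall policy from point 1 and the peer-to-peer blocking from point 4 can be expressed together on a Windows workstation. The following is an added example, not a script from the article or from any vendor: it assumes Windows Defender Firewall, a hypothetical management subnet of 10.20.30.0/24, and WinRM on TCP 5985 as the only permitted management tool; adjust those values to your own environment and run it from an elevated PowerShell session.

```powershell
# Added example (not from the article): lock down inbound access on a clinical
# workstation. Assumed values: management subnet 10.20.30.0/24 and WinRM over
# TCP 5985 as the one permitted management tool. Requires an elevated session.

# 1. Default-deny inbound on every profile; outbound stays allowed.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. Allow only the management tool, and only from the management subnet,
#    and only while the machine is on the domain network.
New-NetFirewallRule -DisplayName "Mgmt: WinRM from management subnet" `
    -Direction Inbound -Protocol TCP -LocalPort 5985 `
    -RemoteAddress 10.20.30.0/24 -Profile Domain -Action Allow

# 3. Workstations never need to talk to each other: block inbound traffic
#    from peers on the local subnet. Block rules take precedence over allow
#    rules, so keep the management subnet outside the local subnet or this
#    rule would also cut off step 2.
New-NetFirewallRule -DisplayName "Block peer workstations on LAN" `
    -Direction Inbound -RemoteAddress LocalSubnet -Action Block

# 4. Review what is still open: every enabled inbound allow rule with its
#    protocol, port, permitted source addresses and profile.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
  ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule     = $_.DisplayName
        Protocol = $port.Protocol
        Port     = $port.LocalPort
        Source   = $addr.RemoteAddress
        Profile  = $_.Profile
    }
  } | Format-Table -AutoSize
```

The review step at the end is the part worth running regularly: any rule whose Source column reads "Any" is an inbound service reachable from the whole network, which is exactly what the article says a user PC should not be offering.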
5. Don’t Let Application Owners Steamroll You
In many healthcare environments, applications are delivered as wholly contained packages, sometimes even managed by the software vendor rather than the local IT team. Fileless malware loves poorly coordinated security.
Every time an IT manager throws up his or her hands and compromises security rather than tightly defining a network or firewall request, that’s an invitation for fileless malware to move through the network. The solution is to be sure that everyone is on the same page when it comes to security, especially network security. Software vendors will always ask for more than they need, just to make their own lives easier and reduce technical support costs. Don’t play that game; make sure any and every security change request makes sense and is as tight as it can be. When a change is made, monitor logs for a while, and be sure you haven’t opened ports or protocols that aren’t being used.
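The last sentence, checking after a change that the newly opened ports are actually in use, can be turned into a routine check. The script below is an added example, not part of the article: it parses Windows Defender Firewall log lines in the standard pfirewall.log field order and reports which of a set of recently opened ports received any allowed inbound traffic. The log lines and the list of opened ports are constructed for illustration; on a real host, enable logging with `Set-NetFirewallProfile -LogAllowed True -LogBlocked True` and read `%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log` instead.

```powershell
# Added example (not from the article): after a firewall change, find opened
# inbound ports that saw no traffic. Log lines below are constructed; a real
# pfirewall.log has the same "#Fields:" layout.

$OpenedPorts = @(5985, 8443, 3389)   # assumed: ports a vendor asked to open

$LogText = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-05-01 09:12:01 ALLOW TCP 10.20.30.5 10.20.40.17 51234 5985 0 - 0 0 0 - - - RECEIVE
2024-05-01 09:12:44 ALLOW TCP 10.20.30.5 10.20.40.17 51240 5985 0 - 0 0 0 - - - RECEIVE
2024-05-01 09:15:09 DROP TCP 10.20.40.22 10.20.40.17 44512 445 0 - 0 0 0 - - - RECEIVE
2024-05-01 09:18:50 ALLOW ICMP 10.20.30.5 10.20.40.17 - - 60 - - - - 8 0 - RECEIVE
2024-05-01 09:20:33 ALLOW TCP 10.20.40.17 10.20.50.8 50011 8443 0 - 0 0 0 - - - SEND
'@

function Get-UnusedOpenedPorts {
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        [Parameter(Mandatory)][int[]]$Ports
    )
    # Count inbound (path = RECEIVE) ALLOW events per destination port.
    # Outbound (SEND) hits do not count: the host connecting out on a port
    # says nothing about whether that port needs to be open inbound.
    $hits = @{}
    foreach ($line in $Lines) {
        if ($line -like '#*' -or [string]::IsNullOrWhiteSpace($line)) { continue }
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 17) { continue }          # malformed line, skip
        if ($f[7] -notmatch '^\d+$') { continue }  # ICMP lines carry no port
        $action  = $f[2]
        $dstPort = [int]$f[7]
        $path    = $f[16]
        if ($action -eq 'ALLOW' -and $path -eq 'RECEIVE') {
            if ($hits.ContainsKey($dstPort)) { $hits[$dstPort] += 1 }
            else                             { $hits[$dstPort]  = 1 }
        }
    }
    foreach ($p in $Ports) {
        $n = if ($hits.ContainsKey($p)) { $hits[$p] } else { 0 }
        [pscustomobject]@{
            Port           = $p
            InboundAllowed = $n
            Status         = if ($n -eq 0) { 'unused: candidate to close' } else { 'in use' }
        }
    }
}

# Usage: 5985 shows 2 inbound hits; 8443 only appears as outbound (SEND) and
# 3389 never appears, so both are reported as candidates to close.
Get-UnusedOpenedPorts -Lines ($LogText -split "`r?`n") -Ports $OpenedPorts |
    Format-Table -AutoSize
```

Run it against a week or two of logs rather than a single day, since some clinical tools only connect at scheduled times; a port that stays at zero across that window is one the vendor asked for but does not need, and the rule can be removed.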