What is Divergent/Nodersok fileless Malware?
Following a spike in activity detected between 5 and 11 September 2019, Nodersok fileless Malware, which is also known as Divergent, has infected thousands of computers across the world. Nodersok downloads and installs a copy of the Node.js framework to convert infected systems into proxies and perform click-fraud. The Malware was first spotted in the summer of 2019 and was distributed via malicious advertisements that forcibly downloaded HTA (HTML application) files onto a user's computer.
Once a system has been fully infected, Nodersok can turn it into a zombie-like proxy machine, which is then used to launch other cyber attacks. Nodersok can even create a relay server that gives cyber criminals the ability to command and control the servers within your business as well as other compromised devices. This helps the attackers hide their activity from security researchers who are looking for suspicious behaviour.
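The infection chain above (malicious ad, HTA file, downloaded Node.js runtime acting as a proxy) lends itself to a process-lineage check on endpoint telemetry. The following is an added example, not code from the original post or from any vendor named on this page; the events, paths and browser names are constructed, and it assumes HTA files are executed by the Windows mshta.exe host and that Sysmon-style process-creation events with parent PIDs are available.

```python
# Added example: flag the HTA -> Node.js process lineage described above.
# SAMPLE_EVENTS is constructed Sysmon-style process-creation telemetry,
# not real data; pid 500 is a legitimate Node.js install used for contrast.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Program Files\Browser\browser.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe"},          # HTA run by the ad
    {"pid": 400, "ppid": 200, "image": r"C:\Users\u\AppData\Local\Temp\node.exe"},  # downloaded Node.js
    {"pid": 500, "ppid": 1,   "image": r"C:\Program Files\nodejs\node.exe"},        # benign developer use
]

# Assumed browser image names and the install roots treated as trusted.
BROWSERS = {"browser.exe", "chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
TRUSTED_PREFIXES = (r"c:\program files", r"c:\windows")


def basename(image):
    """Lower-cased file name of a Windows image path."""
    return image.rsplit("\\", 1)[-1].lower()


def ancestors(pid, by_pid):
    """Yield the image names of every recorded ancestor of pid (loop-safe)."""
    seen = set()
    event = by_pid.get(pid)
    while event and event["ppid"] in by_pid and event["ppid"] not in seen:
        seen.add(event["ppid"])
        event = by_pid[event["ppid"]]
        yield basename(event["image"])


def find_suspicious(events):
    """Return (pid, rule) pairs for events matching the Nodersok-style chain."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        name = basename(e["image"])
        parent = by_pid.get(e["ppid"])
        # Rule 1: an HTML application host launched directly by a browser.
        if name == "mshta.exe" and parent and basename(parent["image"]) in BROWSERS:
            findings.append((e["pid"], "hta-from-browser"))
        if name == "node.exe":
            # Rule 2: Node.js running from outside a trusted install root.
            if not e["image"].lower().startswith(TRUSTED_PREFIXES):
                findings.append((e["pid"], "node-from-user-writable-path"))
            # Rule 3: Node.js with an HTA host anywhere in its ancestry, so
            # intermediate stages between the two do not hide the chain.
            if "mshta.exe" in ancestors(e["pid"], by_pid):
                findings.append((e["pid"], "node-descended-from-hta"))
    return findings
```

Run against the constructed events, pid 200 and pid 400 are flagged while the developer's Node.js (pid 500) is not; in production the same three rules map directly onto a SIEM query over process-creation events.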
How can fileless Malware affect my business?
Just like traditional forms of Malware, fileless Malware can infiltrate and shut down your organisation's network and devices, disrupting your day-to-day IT and computer processes. In extreme cases, a fileless Malware attack can delete, steal or hold to ransom valuable business and personal data.
Under the General Data Protection Regulation (GDPR), a fileless Malware attack on your business could put it at risk of non-compliance and of a significant fine of up to €20 million or 4% of an organisation's annual turnover, whichever is greater.
As with any Malware or Ransomware threat, prevention is better than a cure. Implementing a secure IT strategy that aligns with your business processes can help mitigate the risk of falling victim to Malware.
Being certified under a cyber security framework such as Cyber Essentials, which is backed by the UK Government, enables businesses of all sizes within the UK to safeguard their business and client data while being able to participate in high-value tenders that require Cyber Essentials certification.
Furthermore, implementing a business solution such as Microsoft 365, a Cloud-based suite that bundles a variety of applications, can help mitigate the risk of fileless Malware. Microsoft 365 also includes the Windows 10 operating system, which provides continual security updates and patches. Within Windows 10 are Windows Defender and Advanced Threat Protection, both of which can detect and stop fileless Malware through the Antimalware Scan Interface (AMSI), behaviour monitoring, memory scanning and boot sector protection. Microsoft have also just rolled out protection for mobile devices with Microsoft Defender ATP for Android, with iOS protection being released in the coming months.
A state-of-the-art endpoint protection solution such as Sophos can detect fileless threats using anti-exploit technology, since these attacks do not rely on asking an end user to download a malicious file. This anti-exploit technology uses Deep Learning to stop both known and unknown malware without signatures. Additionally, Sophos Intercept X takes a focused approach: rather than examining millions of Malware samples, it examines approximately 25 exploits that cyber criminals rely on to spread Malware, steal credentials and escape detection.
However, if your organisation has fallen victim to a fileless Malware attack without the above solutions in place, the incident would need to be dealt with by a specialist IT Consultant. Should you have a Disaster Recovery and Backup plan, your business data can be restored and business operations resumed. If you do not, there is a risk that your organisation could face downtime, sensitive business documents could be lost and a data breach could occur.
Infinity Group are IT Security experts, Microsoft Gold Partners and Cyber Security Consultants. If your organisation requires IT Consultancy, then please get in touch.