The use of fileless threats and dual-use tools by attackers is becoming more common.
There is increasing discussion around threats that adopt so-called “living off the land” tactics. Attackers are increasingly making use of tools already installed on targeted computers or are running simple scripts and shellcode directly in memory. Creating fewer new files on the hard disk, or being completely fileless, means less chance of being detected by traditional security tools and therefore minimizes the risk of an attack being blocked. Using simple and clean dual-use tools allows the attacker to hide in plain sight among legitimate system administration work.
Living-off-the-land tactics are increasingly being adopted by cyber criminals and are used in almost every targeted attack.