{"id":11361,"date":"2018-10-23T10:01:53","date_gmt":"2018-10-23T09:01:53","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=11361\/"},"modified":"2019-12-31T09:35:37","modified_gmt":"2019-12-31T08:35:37","slug":"fileless-attack-le-retour-a-la-terre","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/10\/fileless-attack-le-retour-a-la-terre\/","title":{"rendered":"Fileless attack : Le retour \u00e0 la terre"},"content":{"rendered":"<p><em>Le panorama des menaces informatiques \u00e9volue constamment, et chaque ann\u00e9e se retrouve baptis\u00e9e du nom de la nouvelle tendance ou innovation qui semble bousculer le monde de la s\u00e9curit\u00e9 informatique. Si 2017 \u00e9tait l\u2019ann\u00e9e du ransomware, il se pourrait que 2018 soit celle des fileless attacks (comprendre \u00ab\u00a0les attaques sans fichiers\u00a0\u00bb). Si le concept de ce mode d\u2019attaque n\u2019est pas nouveau, sa popularit\u00e9 croissante aupr\u00e8s des pirates, elle, l\u2019est. Cela signifie-t-il que qui va nous imposer de repenser notre fa\u00e7on d\u2019appr\u00e9hender la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information\u00a0?<\/em><\/p>\n<h2>Tu quoque mi programme<\/h2>\n<p>Pour se faire une id\u00e9e un peu plus d\u00e9taill\u00e9e et pr\u00e9cise de cette menace, commen\u00e7ons par d\u00e9finir ce qu\u2019est une <em>fileless attack<\/em>. \u00c9galement nomm\u00e9e <em>non-malware attack<\/em> (attaque sans <em>malware<\/em>), <em>zero-footprint attack<\/em> (attaque sans empreinte) ou <em>living-off-the-land attack<\/em> (attaque hors sol), la particularit\u00e9 de ce type de menace est qu\u2019elle n\u2019impose pas \u00e0 l\u2019attaquant d\u2019installer un programme sur la machine cible pour ex\u00e9cuter des actions malveillantes. En effet, le principe m\u00eame de l\u2019attaque est de d\u00e9tourner l\u2019usage d\u2019outils ou de programmes parfaitement licites et d\u00e9j\u00e0 install\u00e9s sur les \u00e9quipements informatiques \u00e0 des fins, elles, illicites. Comment proc\u00e8dent donc les attaquants pour arriver \u00e0 leurs fins\u00a0?<\/p>\n<p>Dans la majorit\u00e9 des cas, Pour \u00e9tablir cette t\u00eate de pont, ils utilisent la plupart du temps des techniques classiques de <em>phishing<\/em> ou <em>spear-phishing<\/em>. En effet, il est important de bien garder \u00e0 l\u2019esprit que la particularit\u00e9 de cette typologie d\u2019attaque consiste dans la non-installation du programme malveillant chez la cible, ce qui ne pr\u00e9juge pas de l\u2019utilisation de fichiers \u00e0 d\u2019autres moments (comme lors d\u2019un <em>phishing<\/em>). Alternativement, des attaques par force brute ou la mise \u00e0 profit d\u2019<em>exploit<\/em> permettant l\u2019ex\u00e9cution de code \u00e0 distance peuvent \u00e9galement permettre d\u2019acc\u00e9der \u00e0 la machine cible et de perp\u00e9trer des attaques sans fichiers.<\/p>\n<p>Quelle que soit la technique utilis\u00e9e, l\u2019objectif final est, comme on l\u2019a vu, de d\u00e9tourner l\u2019usage d\u2019un programme l\u00e9gitime. La cible principale de ce \u00ab\u00a0programme-jacking\u00a0\u00bb est PowerShell (Windows Management Instrumentation \u00e9tant \u00e9galement un bon client). Cet outil syst\u00e8me, install\u00e9 de mani\u00e8re native sur certaines machines tournant avec un syst\u00e8me d\u2019exploitation Windows, a la particularit\u00e9 de pouvoir ex\u00e9cuter des t\u00e2ches instruites depuis la console de commande directement dans la m\u00e9moire vive de l\u2019appareil. Dans certains cas, une simple macro bien construite sur un fichier Word malveillant, l\u2019exploitation d\u2019une faille de Flash ou la redirection vers un site malveillant suffit \u00e0 invoquer PowerShell. Une fois celui-ci ouvert, il se connecte alors \u00e0 un serveur de <em>command &amp; control<\/em> et t\u00e9l\u00e9charge un script malveillant qui s\u2019ex\u00e9cute donc depuis la m\u00e9moire vive et qui peut proc\u00e9der \u00e0 toute une vari\u00e9t\u00e9 d\u2019actions, comme par exemple localiser et envoyer des donn\u00e9es vers l\u2019attaquant ou miner des crypto-monnaies. Des <em>fileless attacks<\/em> exploitant les vuln\u00e9rabilit\u00e9s de Java (Java Process) sont \u00e9galement connues.<\/p>\n<h2>\u00a0Malware\u00a0: le grand remplacement<\/h2>\n<p>Et il faut croire que cette typologie d\u2019attaque est facile \u00e0 mettre en \u0153uvre si on jette un \u0153il aux chiffres. <a href=\"https:\/\/www.barkly.com\/ponemon-2018-endpoint-security-statistics-trends\">\u00a0<\/a>, pour 77% des entreprises reconnaissant avoir subi une attaque ayant r\u00e9ussi \u00e0 compromettre le syst\u00e8me d\u2019information de l\u2019entreprise, la technique utilis\u00e9e est une <em>fileless attack<\/em>. <a href=\"https:\/\/www.symantec.com\/blogs\/threat-intelligence\/powershell-threats-grow-further-and-operate-plain-sight\">Symantec a signal\u00e9 en juillet dernier qu\u2019entre le premier semestre 2017 et le premier semestre 2018, l\u2019usage malveillant de PowerShell avait augment\u00e9 de 661%<\/a>. Ainsi, Carbon Black a annonc\u00e9 dans son rapport de menace 2017 que 97% de ses clients avaient subi une tentative de la sorte et que les attaques sans fichier utilisant des failles PowerShell ou WMI ont repr\u00e9sent\u00e9 au global 52% du total des attaques en 2017, d\u00e9passant pour la premi\u00e8re fois de l\u2019histoire les attaques classiques utilisant des <em>malwares<\/em> install\u00e9s en dur sur la machine cible.<\/p>\n<p>La raison principale de l\u2019explosion de cette typologie de menaces trouve son origine dans la fa\u00e7on m\u00eame qu\u2019ont les organisations de se d\u00e9fendre. d\u2019analyser de mani\u00e8re statique les signatures des fichiers sur le disque afin d\u2019identifier les programmes illicites, et \u00e9ventuellement de les ex\u00e9cuter dans des bacs \u00e0 sables. La plupart de ces antivirus utilisent une fonctionnalit\u00e9 de l\u2019OS pour \u00eatre notifi\u00e9s des nouvelles \u00e9critures sur le disque et ainsi d\u00e9clencher un scan. Or, pas de fichier, pas de notification, et pas de notification, pas de scan. Les attaquants \u00e9tant des personnes pragmatiques, ils ont simplement d\u00e9cid\u00e9 de court-circuiter cette \u00e9tape et de mettre ainsi en d\u00e9faut l\u2019ensemble des d\u00e9fenses bas\u00e9es sur ces anti-virus traditionnels fonctionnant par base de signatures, ces derniers devenant de plus en plus performants.<\/p>\n<p>Les pirates de leur c\u00f4t\u00e9 s\u2019\u00e9quipent afin de proc\u00e9der plus facilement aux attaques en syst\u00e9matisant et simplifiant les manipulations \u00e0 faire pour contourner ces anti-virus. Certains outils d\u2019attaque actuels, comme Metasploit, facilitent les <em>fileless attacks<\/em> gr\u00e2ce \u00e0 la construction de charges utiles malveillantes clefs en main \u00e0 charger directement depuis Powershell.<\/p>\n<h2>Comment chasser un malware qui n\u2019existe pas\u00a0?<\/h2>\n<p>Les m\u00e9thodes de d\u00e9fense traditionnelles \u00e9tant peu adapt\u00e9es, il est n\u00e9cessaire de repenser son approche. Si certaines menaces peuvent \u00eatre stopp\u00e9es simplement en red\u00e9marrant la machine (son arr\u00eat stoppant les programmes actifs), les hackers ont trouv\u00e9 la parade par l\u2019installation d\u2019un script dans le <em>registry<\/em> de Windows, entra\u00eenant la r\u00e9surgence de la br\u00e8che au red\u00e9marrage par son ex\u00e9cution automatique avec le reste des scripts syst\u00e8mes, eux l\u00e9gitimes. Si ce script est suffisamment court, il n\u2019a m\u00eame pas besoin d\u2019\u00eatre enregistr\u00e9 dans un fichier. Certaines attaques plus complexes peuvent demander l\u2019enregistrement de leur script dans un fichier, ce qui en fait une cat\u00e9gorie hybride de <em>fileless attack,<\/em> o\u00f9 si un fichier est effectivement n\u00e9cessaire, \u00e7a n\u2019est toujours pas le <em>malware<\/em> en lui-m\u00eame.<\/p>\n<p>Depuis quelques ann\u00e9es, le d\u00e9veloppement des solutions de type <em>Endpoint Detection Response<\/em> se trouve \u00eatre au c\u0153ur de l\u2019activit\u00e9 des \u00e9diteurs antivirus. Ces produits ne se limitent plus \u00e0 la simple analyse de fichiers mais adoptent des techniques d\u2019\u00e9tude comportementale. L\u2019id\u00e9e derri\u00e8re cette nouvelle fa\u00e7on de proc\u00e9der est d\u2019identifier les activations de programmes qui, individuellement, seraient l\u00e9gitimes mais dont l\u2019ex\u00e9cution en parall\u00e8le ou s\u00e9quentielle est suspicieuse. Par exemple, la consultation du web, l\u2019utilisation d\u2019une macro Microsoft Word ou l\u2019ex\u00e9cution de PowerShell est l\u00e9gitime. En revanche, leur activation concomitante peut r\u00e9sulter d\u2019un <em>phishing<\/em> r\u00e9ussi emmenant l\u2019utilisateur sur un site web malveillant, d\u00e9clenchant l\u2019activation en cascade de PowerShell \u00e0 travers une faille du premier. La solution antivirale peut donc r\u00e9aliser qu\u2019il ne s\u2019agit pas d\u2019une situation normale de fonctionnement et proc\u00e9der aux actions de s\u00e9curit\u00e9 n\u00e9cessaires.<\/p>\n<p>N\u00e9anmoins, ces solutions \u00e9tant bas\u00e9es sur des heuristiques, elles sont par d\u00e9finition faillibles. L\u2019\u00e9quilibre entre l\u2019exhaustivit\u00e9 des d\u00e9tections et le nombre de faux positifs, entra\u00eenant potentiellement des incidents d\u2019exploitation, est difficile \u00e0 atteindre. Des solutions de plus en plus stables et performantes apparaissent n\u00e9anmoins progressivement sur le march\u00e9, et permettent de lutter contre cette menace grandissante de mani\u00e8re efficace, pour peu que les terminaux utilisateurs en soient \u00e9quip\u00e9s.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Le panorama des menaces informatiques \u00e9volue constamment, et chaque ann\u00e9e se retrouve baptis\u00e9e du nom de la nouvelle tendance ou innovation qui semble bousculer le monde de la s\u00e9curit\u00e9 informatique. Si 2017 \u00e9tait l\u2019ann\u00e9e du ransomware, il se pourrait que&#8230;<\/p>\n","protected":false},"author":1328,"featured_media":11363,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3225],"tags":[1241,3054,265,3284,3038,2787],"coauthors":[3056],"class_list":["post-11361","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-ethical-hacking-indicent-response","tag-cyberattaque","tag-fileless","tag-malware","tag-menace","tag-threat-intelligence","tag-veille"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Fileless Attack : \u00e9volution croissante et menace r\u00e9elle<\/title>\n<meta name=\"description\" content=\"SI 2017 a \u00e9t\u00e9 l&#039;ann\u00e9e des ransomwares, 2018 est bien celle des fileless attacks. Ce mode d\u2019attaque n\u2019est pas nouveau, sa popularit\u00e9 est, elle, croissante.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fileless Attack : \u00e9volution croissante et menace r\u00e9elle\" \/>\n<meta property=\"og:description\" content=\"SI 2017 a \u00e9t\u00e9 l&#039;ann\u00e9e des ransomwares, 2018 est bien celle des fileless attacks. Ce mode d\u2019attaque n\u2019est pas nouveau, sa popularit\u00e9 est, elle, croissante.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2018-10-23T09:01:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T08:35:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/10\/Fotolia_78059294_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1378\" \/>\n\t<meta property=\"og:image:height\" content=\"1378\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ThomasSghedon1\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ThomasSghedon1\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/\"},\"author\":{\"name\":\"ThomasSghedon1\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/c409d882bdc71d487d64b32c496a4572\"},\"headline\":\"Fileless attack : Le retour \u00e0 la terre\",\"datePublished\":\"2018-10-23T09:01:53+00:00\",\"dateModified\":\"2019-12-31T08:35:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/\"},\"wordCount\":1267,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/10\/Fotolia_78059294_Subscription_Monthly_M.jpg\",\"keywords\":[\"Cyberattaque\",\"fileless\",\"malware\",\"menace\",\"Threat intelligence\",\"veille\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Ethical Hacking &amp; Incident Response\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/\",\"name\":\"Fileless Attack : \u00e9volution croissante et menace r\u00e9elle\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/10\/Fotolia_78059294_Subscription_Monthly_M.jpg\",\"datePublished\":\"2018-10-23T09:01:53+00:00\",\"dateModified\":\"2019-12-31T08:35:37+00:00\",\"description\":\"SI 2017 a \u00e9t\u00e9 l'ann\u00e9e des ransomwares, 2018 est bien celle des fileless attacks. Ce mode d\u2019attaque n\u2019est pas nouveau, sa popularit\u00e9 est, elle, croissante.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/10\/Fotolia_78059294_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/10\/Fotolia_78059294_Subscription_Monthly_M.jpg\",\"width\":1378,\"height\":1378},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Fileless attack : Le retour \u00e0 la terre\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/c409d882bdc71d487d64b32c496a4572\",\"name\":\"ThomasSghedon1\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/thomassghedon1\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Fileless Attack : \u00e9volution croissante et menace r\u00e9elle","description":"SI 2017 a \u00e9t\u00e9 l'ann\u00e9e des ransomwares, 2018 est bien celle des fileless attacks. Ce mode d\u2019attaque n\u2019est pas nouveau, sa popularit\u00e9 est, elle, croissante.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/","og_locale":"en_US","og_type":"article","og_title":"Fileless Attack : \u00e9volution croissante et menace r\u00e9elle","og_description":"SI 2017 a \u00e9t\u00e9 l'ann\u00e9e des ransomwares, 2018 est bien celle des fileless attacks. Ce mode d\u2019attaque n\u2019est pas nouveau, sa popularit\u00e9 est, elle, croissante.","og_url":"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/","og_site_name":"RiskInsight","article_published_time":"2018-10-23T09:01:53+00:00","article_modified_time":"2019-12-31T08:35:37+00:00","og_image":[{"width":1378,"height":1378,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/10\/Fotolia_78059294_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"ThomasSghedon1","twitter_misc":{"Written by":"ThomasSghedon1","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/"},"author":{"name":"ThomasSghedon1","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/c409d882bdc71d487d64b32c496a4572"},"headline":"Fileless attack : Le retour \u00e0 la terre","datePublished":"2018-10-23T09:01:53+00:00","dateModified":"2019-12-31T08:35:37+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/"},"wordCount":1267,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/10\/Fotolia_78059294_Subscription_Monthly_M.jpg","keywords":["Cyberattaque","fileless","malware","menace","Threat intelligence","veille"],"articleSection":["Cybersecurity &amp; Digital Trust","Ethical Hacking &amp; Incident Response"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/","url":"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/","name":"Fileless Attack : \u00e9volution croissante et menace r\u00e9elle","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/10\/Fotolia_78059294_Subscription_Monthly_M.jpg","datePublished":"2018-10-23T09:01:53+00:00","dateModified":"2019-12-31T08:35:37+00:00","description":"SI 2017 a \u00e9t\u00e9 l'ann\u00e9e des ransomwares, 2018 est bien celle des fileless attacks. Ce mode d\u2019attaque n\u2019est pas nouveau, sa popularit\u00e9 est, elle, croissante.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/10\/Fotolia_78059294_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/10\/Fotolia_78059294_Subscription_Monthly_M.jpg","width":1378,"height":1378},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/10\/fileless-attack-le-retour-a-la-terre\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Fileless attack : Le retour \u00e0 la terre"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/c409d882bdc71d487d64b32c496a4572","name":"ThomasSghedon1","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/thomassghedon1\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/11361","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1328"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=11361"}],"version-history":[{"count":2,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/11361\/revisions"}],"predecessor-version":[{"id":11365,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/11361\/revisions\/11365"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/11363"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=11361"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=11361"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=11361"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=11361"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}