312-50v12 Exam Questions

312-50v12 Exam - Question 33


Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs.

What type of malware did the attacker use to bypass the company’s application whitelisting?

Correct Answer: A

The attacker used file-less malware. File-less malware operates entirely in the system's memory, making it difficult for traditional antivirus software to detect since it doesn't leave a trace on the hard drive. Additionally, since it can run in the context of a trusted system process or application, it can bypass application whitelisting and avoid being flagged by IDS/IPS systems.

Discussion

7 comments
eli117 (Option: A)
Oct 4, 2023

A. File-less malware

Explanation: In this scenario, the attacker used file-less malware to bypass the company's application whitelisting. File-less malware resides entirely in memory, making it difficult for antivirus software and IDS/IPS to detect. It can run in the context of a trusted process or system application, and can be delivered through various attack vectors, including phishing emails, malicious websites, or network exploits.

jeremy13 (Option: A)
Oct 10, 2023

A. File-less malware (312-50v11 Q164) https://www.trellix.com/en-us/security-awareness/ransomware/what-is-fileless-malware.html

Vincent_Lu
Dec 12, 2023

A. File-less malware should be the answer. But why not B?

deviii
Jan 29, 2024

Because it's mentioned that the AV didn't flag any "non-whitelisted file".

mattlai
Feb 13, 2024

A zero day does not necessarily need a file to execute.
insaniunt (Option: A)
Jun 10, 2024

A. File-less malware

kikour (Option: B)
Oct 11, 2024

0day, because it's most likely not in a whitelist; IDS/IPS may still detect file-less.

Mann098 (Option: A)
Dec 29, 2024

File-less malware

hang10z (Option: B)
Dec 27, 2024

Zero day; otherwise his IPS/IDS and AV would detect the threat. AV/EDR can detect malware running in memory.

hang10z
Dec 27, 2024

File-less; I change my answer.