Evolving Evasion Techniques Stealthily Make Their Way Into Current Attack Trends | Cyware Alerts

Evasion techniques employed by cybercriminals have become an Achilles’ heel for organizations. With the frequent barrage of vulnerability disclosures and occasional zero-day threats, attackers are leaving no stone unturned to sneak past security checks and cause maximum destruction.

Trending threats

  • Over the first half of 2020, Cisco, in association with MITRE ATT&CK, found that fileless threats and legitimate tools were used for the purpose of defense evasion in 57% of all IoC alerts.
  • Adding to the trouble, malware families such as KryptoCibule, LodaRAT, and QBot were revamped to include a variety of obfuscation techniques.

Emotet operators made the most of it

  • Since its reappearance in July, the Emotet trojan leveraged different themes and, in one case, legitimate email threads as part of its evasive strategy.
  • Moreover, the Emotet loader was enhanced to bypass security products by manipulating AI-based detection: the operators embedded legitimate Microsoft code so the loader appeared benign and did not raise a red flag on infected systems.

Other evasion techniques observed recently

Over the past few months, several threat actors were quite selective about their evasion techniques. Some of the recently observed techniques were:

  • Spammers shipping malicious PowerPoint attachments through shortened URLs that contained random text.
  • A spam group using hexadecimal IP addresses, since mid-July, to evade detection by email filters and security systems. These manipulated addresses, in turn, redirected victims to spam sites.
  • A malware gang named Epic Manchego using malicious Excel files to target companies all over the world. Created using EPPlus rather than Microsoft Excel, these files bypassed security scanners and had low detection rates during the infection process.
  • Maze attackers adopting virtual machines to hide their malicious payloads. The technique was previously used by Ragnar Locker operators.
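The hexadecimal-IP trick above works because URL parsers and operating systems accept IPv4 literals in several legacy forms, while naive filters only compare dotted-decimal strings. The following Python script, added here as an illustration and not taken from the Cyware article or any of the reports it summarizes, normalizes a URL's host back to dotted-decimal and flags the obfuscated forms. It goes beyond the article by also covering octal and single-integer ("dword") encodings, which the same inet_aton rules permit. The sample URLs and the function names (`normalize_host`, `flag_obfuscated_urls`) are constructed for this example.

```python
"""
Normalize IPv4 literals written in legacy forms (hex, octal, dword) back to
dotted-decimal so that URL filters and log reviewers can compare them against
allow/deny lists. Added example; sample URLs below are constructed.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# A host label that is numeric in one of the inet_aton notations:
# 0x1f (hex), 017 (octal), 0 / 1234 (decimal, possibly a full 32-bit dword).
_NUMERIC_LABEL = re.compile(r"^(0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*)$", re.IGNORECASE)


def _label_kind(label: str) -> str:
    low = label.lower()
    if low.startswith("0x"):
        return "hex"
    if low.startswith("0") and len(low) > 1:
        return "octal"
    return "decimal"


def _label_to_int(label: str) -> int:
    """Interpret one label the way inet_aton does (hex, octal, or decimal)."""
    kind = _label_kind(label)
    if kind == "hex":
        return int(label[2:], 16)
    if kind == "octal":
        return int(label, 8)
    return int(label, 10)


def normalize_host(host: str):
    """
    Return (dotted_decimal, form) if `host` is an IPv4 literal in any inet_aton
    form, else None. `form` is 'dotted', 'hex', 'octal', 'dword', or 'mixed'.
    """
    labels = host.split(".")
    if not 1 <= len(labels) <= 4 or not all(_NUMERIC_LABEL.match(lab) for lab in labels):
        return None
    values = [_label_to_int(lab) for lab in labels]
    *head, last = values
    # Every leading label is one byte; the last label fills the remaining bytes.
    if any(v > 0xFF for v in head):
        return None
    remaining_bytes = 4 - len(head)
    if last >= 1 << (8 * remaining_bytes):
        return None
    packed = 0
    for v in head:
        packed = (packed << 8) | v
    packed = (packed << (8 * remaining_bytes)) | last
    dotted = str(ipaddress.IPv4Address(packed))

    kinds = {_label_kind(lab) for lab in labels}
    if kinds == {"decimal"}:
        form = "dotted" if len(labels) == 4 else "dword"
    elif len(kinds) == 1:
        form = kinds.pop()
    else:
        form = "mixed"
    return dotted, form


def flag_obfuscated_urls(urls):
    """Return [(url, dotted_ip, form)] for URLs whose host is a non-dotted IP literal."""
    findings = []
    for url in urls:
        host = urlsplit(url).hostname
        if host is None:
            continue
        result = normalize_host(host)
        if result and result[1] != "dotted":
            findings.append((url, result[0], result[1]))
    return findings


# Constructed sample URLs; all obfuscated ones resolve to 192.168.0.1.
SAMPLE_URLS = [
    "http://0xc0a80001/login",            # hex dword
    "http://0xc0.0xa8.0x00.0x01/login",   # hex per label
    "http://3232235521/login",            # decimal dword
    "http://0300.0250.0000.0001/login",   # octal per label
    "http://192.168.0.1/login",           # plain dotted, not flagged
    "https://example.com/login",          # hostname, not flagged
]

if __name__ == "__main__":
    for url, ip, form in flag_obfuscated_urls(SAMPLE_URLS):
        print(f"{form:6s} {url} -> {ip}")
```

A filter that runs `normalize_host` before consulting a blocklist will match the four obfuscated URLs against the same 192.168.0.1 entry; comparing the raw strings would miss all of them.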

Where do the victims fail?

As shared by Security Boulevard, organizations fail to detect and prevent obfuscation techniques because of:
  • Outdated classification categories of security checks.
  • Limited network monitoring on targeted protocols.
  • Inadequate tracking systems for one-off exceptions.

Bottom line

While attackers relentlessly use creative evasive tactics, it is essential for cybersecurity professionals to understand their own defense framework and design more effective defenses against such stealthy attacks. Businesses can bounce back from any threat when a culture of cyber resilience, covering network, endpoint, and user protection, is combined with a well-planned data recovery process.
