Evolving Evasion Techniques Stealthily Make Their Way Into Current Attack Trends

Trending threats

• Over the first half of 2020, Cisco, in association with MITRE ATT&CK, found that fileless threats and legitimate tools were used for the purpose of defense evasion in 57% of all IoC alerts.
• To add more troubles, the likes of KryptoCibule, LodaRAT, and QBot malware were revamped to include a variety of obfuscation techniques.

Emotet operators made the most of it

• Since its reappearance in July, the Emotet trojan leveraged different themes and, in one case, legitimate email threads as part of its evasive strategy.
• Moreover, the Emotet loader was enhanced to bypass security products by manipulating artificial intelligence. For this, the operators used legitimate Microsoft code as a benign code to prevent the red flag on infected systems.

Other evasion techniques observed recently

• Spammers shipping malicious PowerPoint attachments through short URLs that contained random texts. 
• A spam group using hexadecimal IP addresses, since mid-July, to evade detection by email filters and security systems. These manipulated addresses, in turn, redirected victims to spam sites. 
• A malware gang named Epic Manchego using malicious Excel files to target companies all over the world through Created using EPPlus rather than Microsoft Excel files, these files bypassed security scanners and had low detection rates during the infection process.
• Maze attackers adopting virtual machines to hide their malicious payloads. The technique was previously used by Ragnar Locker operators. 

Where do the victims fail?

• Outdated classification categories of security checks.
• Limited network monitoring on targeted protocols.
• Inadequate tracking systems for one-off exceptions.

Bottom line