Evasion techniques have become a weak spot for defenders. Amid a steady stream of vulnerability disclosures and the occasional zero-day, attackers are leaving no stone unturned to slip past security controls and do as much damage as possible.
- In its threat report covering the first half of 2020, Cisco mapped indicator-of-compromise alerts to MITRE ATT&CK tactics and found that defense evasion, carried out largely through fileless threats and legitimate tools, appeared in 57% of all IoC alerts.
- Adding to the trouble, malware families such as KryptoCibule, LodaRAT, and QBot were revamped with a variety of obfuscation techniques.
Emotet operators made the most of it
- Since its return in July, the Emotet trojan has rotated through different lure themes and, in one case, inserted itself into legitimate email threads as part of its evasion strategy.
- The Emotet loader was also modified to get past security products that rely on machine-learning classifiers: the operators padded it with code taken from legitimate Microsoft binaries, so that a classifier scoring the file sees a large benign portion and does not raise a red flag on the infected system.
Other evasion techniques observed recently
Over the past few months, several threat actors have been deliberate and selective about their evasion techniques. Recently observed examples include:
- Spammers distributing malicious PowerPoint attachments via shortened URLs containing random text.
- A spam group, since mid-July, writing the IP addresses in its links in hexadecimal notation to evade email filters and URL scanners; browsers still resolve such addresses, so the links redirected victims to spam sites.
- A malware gang tracked as Epic Manchego targeting companies worldwide with malicious Excel documents. Because the files were created with the EPPlus library rather than Microsoft Excel, they differ from Excel-authored files (the VBA project carries only the macro source, with no compiled code), which let them bypass security scanners and kept detection rates low during the infection process.
- Maze operators running their ransomware payload inside a virtual machine to hide it from security tools on the host, a technique previously used by Ragnar Locker operators.
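The hexadecimal-IP trick in the spam item above works because URL parsers, following the legacy inet_aton rules, accept several numeric host encodings besides dotted decimal: a single 32-bit number in hex or decimal, octal components with a leading zero, and shortened two- or three-part forms. A filter that only pattern-matches dotted-quad addresses sees none of them. The following is an added example, not code from the article or from any of the vendors it cites: it normalizes every such encoding to a canonical dotted quad and flags URLs whose host was written in a non-canonical form. It goes beyond the hex case the article describes to cover decimal and octal as well. The sample email text is constructed, the function names are the author's own, and the addresses are private-range ones chosen for illustration.

```python
import re
import ipaddress
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample: the same private address written three ways that
# browsers accept, plus an ordinary hostname that must not be flagged.
SAMPLE_EMAIL = """
Click here for your reward: http://0xC0A80001/login
Alternate link: http://3232235521/login
Mirror: http://0300.0250.0.1/login
Unsubscribe: https://example.com/unsubscribe
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
PART_RE = re.compile(r"0x[0-9a-f]+|[0-9]+", re.IGNORECASE)


def _parse_part(token: str) -> int:
    """Parse one host component the way inet_aton does:
    0x-prefixed is hex, a leading zero means octal, otherwise decimal."""
    t = token.lower()
    if t.startswith("0x"):
        return int(t[2:], 16)
    if len(t) > 1 and t.startswith("0"):
        return int(t, 8)  # raises ValueError for digits 8/9, as inet_aton rejects them
    return int(t, 10)


def normalize_numeric_host(host: str) -> Optional[str]:
    """Return the dotted-quad form of a numeric IPv4 host (hex, octal, decimal,
    single number, or shortened 2/3-part form), or None if it is not one."""
    parts = host.split(".")
    if not all(PART_RE.fullmatch(p) for p in parts):
        return None
    try:
        values = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    # inet_aton semantics: the last component absorbs the remaining bits.
    if len(values) == 1:
        number = values[0]
        if number > 0xFFFFFFFF:
            return None
    elif len(values) == 2:
        a, b = values
        if a > 0xFF or b > 0xFFFFFF:
            return None
        number = (a << 24) | b
    elif len(values) == 3:
        a, b, c = values
        if a > 0xFF or b > 0xFF or c > 0xFFFF:
            return None
        number = (a << 24) | (b << 16) | c
    elif len(values) == 4:
        if any(v > 0xFF for v in values):
            return None
        number = (values[0] << 24) | (values[1] << 16) | (values[2] << 8) | values[3]
    else:
        return None
    return str(ipaddress.IPv4Address(number))


def find_obfuscated_ip_urls(text: str) -> List[Tuple[str, str]]:
    """Return (url, canonical_ip) for every URL whose host is a numeric IPv4
    written in a form other than plain dotted decimal."""
    hits = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname
        except ValueError:
            continue
        if not host:
            continue
        dotted = normalize_numeric_host(host)
        # A plain dotted quad is a different (weaker) signal; only flag disguised forms.
        if dotted is not None and dotted != host:
            hits.append((url, dotted))
    return hits


if __name__ == "__main__":
    for url, ip in find_obfuscated_ip_urls(SAMPLE_EMAIL):
        print(f"{url} -> {ip}")
```

In a mail gateway or proxy, the canonical address returned here is what should be fed to reputation lookups and blocklists, so that an attacker gains nothing by re-encoding the same host.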
Where do the victims fail?
As shared by Security Boulevard, organizations fail to detect and prevent obfuscation techniques because of:
- Outdated classification categories of security checks.
- Limited monitoring of the network protocols that attackers target.
- Inadequate tracking systems for one-off exceptions.
While attackers keep devising creative evasion tactics, security teams need to understand their own defensive coverage and design detections that hold up against them. Organizations recover from such attacks when a culture of cyber resilience, covering network, endpoint, and user protection as a whole, is paired with a well-planned data recovery process.