Cybercriminals and security teams have a long adversarial history, each working to outsmart the other. As security software has improved its ability to detect and quash common threats, cyber criminals have developed a different approach: evading detection in the first place.
As security solutions have become more advanced, so too have cybercriminals’ evasion techniques. In simple terms, evasion techniques are practiced by cybercriminals to help avoid detection. Two of these techniques are obfuscation and anti-analysis practices, and they have recently become more sophisticated than ever.
Based on information uncovered in Fortinet’s Q2 2019 Threat Landscape Report, there are several examples of how cyber criminals use evasion tactics to minimize detection.
Anti-analysis techniques were used in a recent campaign in Japan, in which a phishing email was circulated with a weaponized Excel document attachment containing a malicious macro. This macro disabled security tools and executed commands using an undocumented infiltration technique, which meant standard threat detection was useless against it.
Another example of an anti-analysis technique was seen in a variant of the Dridex banking Trojan. This Trojan changed file names and hashes each time someone in the affected system logged in, making it virtually impossible to spot the malware with traditional threat detection measures. Researchers also discovered an attack focused on the financial space, known as AndroMut. AndroMut used sandboxing and emulator verification, as well as debuggers to target employees at financial institutions.
In addition to anti-analysis techniques, cyber criminals are achieving their goals by developing increasingly stealthy infostealers to gather data from connected devices. One particularly impressive infostealer was Zegost. Zegost’s creators designed it to be low-observable, with functions that enable evasion - this includes the clearing of application, security, and system event logs.
These few examples are grim reminders that systems need multi-layered defenses and behavior-based threat detection in order to stay on top of cyber criminals’ latest evasion techniques.
As IT and security teams adapt their security strategies to keep pace with these new sophisticated attack strategies, they must keep these five best practices in mind.
Cyberattacks are evolving due to the development of advanced evasion techniques designed to help cyber criminals fly under the radar. To protect critical data assets and services, security teams must start by working to understand these new types of anti-evasion risks. They must then implement best practices and solutions to not only defend against these recent attacks, but also select adaptable technologies that can address those that have yet to be discovered.
Learn about how FortiGuard Labs provides unmatched security and intelligence services using integrated AI systems. Find out about the FortiGuard Security Services portfolio and sign up for our weekly FortiGuard Threat Brief.
Read about the FortiGuard Security Rating Service, which provides security audits and best practices to guide customers in designing, implementing, and maintaining the security posture best suited for their organization.