Cyber attacks don't play by the "spray and pray" rules anymore. Attacks are more complicated than ever, and SMBs are at major risk. The repercussions grow every year: legal, financial, reputational. The most important thing you can do is stay educated about the types of attacks that are out there, and about the best ways to prevent and counter each one. That's why we've put together this new eBook: all the evasion techniques, in one convenient place.
Common Threat Evasion Techniques
Evasion techniques have evolved over the years. At first, sending a malicious document was enough to gain remote access, but now as security has increased, cyberhackers have gotten smarter. Zero-day attacks, attacks that leverage vulnerabilities not commonly known or mitigated against, are often difficult to detect. Here are some important evasions you should know:
- Static - These are the most common. Attacks are hidden in shellcode, encrypted inside of the sample, and decrypted at run time.
- VBA Macros - These have become popular because new products are focused on security and fast product updates, and there is less scope for development mistakes. Most Microsoft Office attacks have been based on macros over the past three years. A macro is VBA code that interacts with the operating system to gain access to the system. As security processes improve, these attacks get stealthier.
Phishing Evasion Techniques
Phishing involves delivering malicious URLs so attackers get credentials and move laterally within an organization. Some of the top phishing evasion techniques include:
- Using legitimate websites for hosting - Attackers host a malicious website through a legitimate provider such as Google or SharePoint. Targets often can't identify the phishing attacks on these platforms; a common example is fake Zoom meetings.
- Multiple Hops - A recipient receives an initial phishing email and is bounced from legitimate pages to a final phishing landing page. This attack includes multiple "hops" to slip through most security systems.
- Branded phishing webpages - Completely personalized phishing attacks. Many organizations set up branded login pages, which cyber attackers recreate to give targets a false sense of security.
- Malformed HTML - Instead of using the phishing link as a part of the HTML, the hackers insert the malicious code at the end of the HTML.
Evasion Techniques for Ransomware
Ransomware is commonly deployed via a download or file type. These attacks can cost businesses considerable downtime and thousands of dollars.
- Checking for known security software - Malware authors would rather avoid known security vendors to prevent detection.
- Checking Sandbox/VM environments - WMI is used to distinguish between a real system and a simulated environment. WMI is a mechanism within Windows that provides information about the system.
- Using old legacy capabilities - Excel 4.0 is an older feature in Excel from before VBA was introduced. Hackers have used Excel 4.0 to bypass security solutions that weren't trained to look for it.
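A defender-side check for the "VBA Macros" and "Using old legacy capabilities" items above, as an added example that is not from the original page: it inspects an Office Open XML workbook (a ZIP container) for both VBA projects and Excel 4.0 macro sheets, so the legacy mechanism is not overlooked. The part names and content type are Office file-format conventions rather than details from the page, the sample files are constructed in memory, and legacy binary .xls files are out of scope.

```python
import io
import zipfile

# OOXML conventions (not from the page): VBA projects are stored as
# vbaProject.bin; Excel 4.0 macro sheets have their own directory and type.
MACROSHEET_DIR = "xl/macrosheets/"
MACROSHEET_CT = b"application/vnd.ms-excel.macrosheet+xml"


def triage_ooxml(data: bytes) -> dict:
    """Report which macro mechanisms an OOXML workbook carries."""
    findings = {"vba": [], "excel4": [], "content_type_hit": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            lower = name.lower()
            if lower.endswith("vbaproject.bin"):
                findings["vba"].append(name)
            elif lower.startswith(MACROSHEET_DIR) and lower.endswith(".xml"):
                findings["excel4"].append(name)
        # A macro sheet stored under another path is still declared here.
        if "[Content_Types].xml" in zf.namelist():
            types = zf.read("[Content_Types].xml")
            findings["content_type_hit"] = MACROSHEET_CT in types
    return findings


def verdict(findings: dict) -> str:
    if findings["excel4"] or findings["content_type_hit"]:
        return "excel4-macro"
    return "vba-macro" if findings["vba"] else "no-macro-parts"


def build_sample(parts: dict) -> bytes:
    """Constructed input: an in-memory ZIP holding the given parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


CT_XLM = f'<Types><Override ContentType="{MACROSHEET_CT.decode()}"/></Types>'
SAMPLES = {  # constructed, minimal stand-ins for real workbooks
    "clean.xlsx": build_sample({"[Content_Types].xml": "<Types/>", "xl/workbook.xml": "<w/>"}),
    "vba.xlsm": build_sample({"[Content_Types].xml": "<Types/>", "xl/vbaProject.bin": b"\x00"}),
    "xlm.xlsm": build_sample({"[Content_Types].xml": CT_XLM, "xl/macrosheets/sheet1.xml": "<m/>"}),
}
for sample_name, blob in SAMPLES.items():
    print(sample_name, verdict(triage_ooxml(blob)))
```

Checking the content type as well as the path matters because a scanner that only looks for `vbaProject.bin` reports an Excel 4.0 workbook as macro-free.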
It's crucial to protect yourself from these sophisticated attacks. Ensuring you have the capabilities in place to protect yourself is important. If you want to learn more or schedule a free IT consultation, reach out to us at iCorps.