Cybercriminals are constantly changing their tactics, so keeping up is a constant challenge for businesses.
In this article, we examine 6 of the latest techniques being used by cybercriminals to breach organisations’ cyber security. Crucially, we also consider how to defend against them.
1. Polymorphic malware
The majority of traditional antivirus solutions identify attacks by recognising malicious file signatures. To evade detection, attackers have developed more advanced forms of malware that automatically change their digital fingerprint, which makes it difficult for AV to keep pace. Over time these attacks have evolved and become more sophisticated: modern data-theft malware is able to overcome traditional anti-malware by constantly changing its signature.
One of the most well-publicised recent examples of so-called ‘polymorphic malware’ is the Emotet Trojan. This malware was originally observed back in 2014, but a more aggressive polymorphic strain has since emerged.
2. Fileless malware
As if one type of malware is not bad enough, fileless malware is becoming a real challenge for businesses. Also known as memory-resident malware, rather than installing itself to hard disk space it is able to write itself directly to a computer’s memory. The malware is usually hidden within files or applications, and because no software is installed, it is almost impossible for traditional defences to detect.
Traditional malware installs malicious software onto your computer, whereas fileless malware doesn’t actually install anything, which allows it to evade antivirus software and firewalls. Instead, it is able to hide in the computer’s memory inside legitimate programs. A report from the Ponemon Institute revealed that, of the endpoint attacks suffered by organisations in 2018, 76 per cent were fileless attacks. It is therefore definitely a threat to be aware of.
3. Sandbox evasion
Another defence mechanism used by some security systems is sandboxing. This involves executing files in a safe, virtual environment before they are delivered to users. Unfortunately, hackers are finding ways to deceive this security feature by writing malware that shows no signs of being malicious while it is in a sandbox environment.
Sandbox-evading malware checks whether it is running in a virtual environment, or delays its execution for an extended period of time so that it only runs long after it has been released from the sandbox.
4. Email spoofing
Email spoofing involves an attacker fabricating the header of an email to closely resemble that of a person and/or organisation that they seek to imitate. Attackers have developed a variety of sophisticated spoofing techniques to evade organisations’ defences and conduct targeted social engineering scams such as Business Email Compromise attacks.
Various technologies are available to help organisations detect email spoofing, but since adoption is low, attacks are still widespread.
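The header fields a receiving mail gateway can compare to surface a fabricated sender, as an added example that is not part of the original article. The sample message, the indicator names and the heuristics are constructed for illustration; the last check reads the SPF, DKIM and DMARC verdicts that the receiving server records in its Authentication-Results header.

```python
"""Header-level spoofing indicators (added example, not from the article).
Compares the From display name against the real sender domain, Reply-To and
Return-Path against From, and the receiving server's SPF/DKIM/DMARC verdicts."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample: the display name advertises example.com, the address does not.
SAMPLE_MESSAGE = b"""\
Return-Path: <bounce@mail-example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-example.net; dkim=none; dmarc=fail header.from=mail-example.net
From: "Finance Team (finance@example.com)" <finance@mail-example.net>
Reply-To: <payments@example-invoices.org>
To: <staff@example.com>
Subject: Urgent: updated bank details

Please update the supplier bank details in the attached file.
"""


def _domain(header_value: str) -> str:
    """Lowercased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(str(header_value))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def spoofing_indicators(raw: bytes) -> list[str]:
    """Return the names of the spoofing indicators found in the message headers."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    found = []
    from_value = str(msg.get("From", ""))
    display_name, _ = parseaddr(from_value)
    from_domain = _domain(from_value)
    # Display name embeds an address whose domain differs from the real sender.
    embedded = [d.lower() for d in re.findall(r"@([A-Za-z0-9.-]+)", display_name)]
    if any(d != from_domain for d in embedded):
        found.append("display-name-domain-mismatch")
    # Replies would be routed to a different domain than the visible sender.
    if msg.get("Reply-To") and _domain(msg["Reply-To"]) != from_domain:
        found.append("reply-to-mismatch")
    # Envelope sender (bounce address) does not match the header From domain.
    if msg.get("Return-Path") and _domain(msg["Return-Path"]) != from_domain:
        found.append("return-path-mismatch")
    # Receiving MTA recorded a failed or absent authentication verdict.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if not auth or re.search(r"\b(spf|dkim|dmarc)=(fail|softfail|none)\b", auth):
        found.append("authentication-failed-or-missing")
    return found
```

On the constructed sample this returns the display-name, Reply-To and authentication indicators; Return-Path is not flagged because it matches the header From domain.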
5. Use of trusted infrastructure
Another evasion technique on the rise is the use of recognised platforms to distribute malicious content. Services such as Azure, AWS, Google Drive, PowerPoint and WordPress are commonly used to host malicious files because they are widely trusted by users and cannot easily be blacklisted.
One recent example of this type of attack saw cybercriminals targeting O365 users by using SharePoint to fool them into clicking innocent-looking links.
6. Software subversion
Cybercriminals are also targeting organisations through the supply chain. This is often achieved by compromising widely used software applications and plug-ins.
One of the groups involved in the well-publicised Magecart attacks was able to compromise an advertising script, which allowed them to target hundreds of sites at a time.
How to protect your business against advanced threats
Cybercriminals now use such a broad range of techniques and tactics to breach defences that it is simply no longer enough to rely on traditional preventative security measures. Detecting the latest attacks requires organisations to use threat detection tools that are behaviour-based and able to monitor activity inside the network.
If your organisation lacks the ability to detect the latest attacks, then you may wish to consider a specialist managed detection and response service, which supplies the people, technology and intelligence needed to proactively hunt for, contain and shut down threats.