Four Sneaky Attacker Evasion Techniques You Should Know About


Remember those portrayals of hackers in the 80s and 90s where you just knew when you got pwned?

A blue screen of death, a scary message, a back-and-forth text exchange with a hacker: if you got pwned in a movie in the 80s and 90s, you knew it right off the bat.

What a shame that today's hackers have learned to be quiet when infiltrating an environment.

Sure, "loud" attacks like ransomware still exist, but threat actors have learned that if they keep themselves hidden, they can usually do far more damage. For hackers, a little stealth can go a long way.

Some attack tactics are inherently quiet, making them arguably more dangerous as they can be harder to detect. Here are four of these attack tactics you should know about.

1. Trusted Application Abuse

Attackers know that many people have applications that they inherently trust, making those trusted applications the perfect launchpad for cyberattacks.

Threat actors know that defenders and the tools they use are often on the hunt for new malware presenting itself in environments. What isn't so easy to detect is when the malware masquerades under legitimate applications.

Fileless malware is a great example of trusted application abuse. No new malware is installed on the system in the case of fileless malware (hence its name). Instead, the malware abuses applications you already know and trust, ultimately taking control of them and using them to perform malicious activity.

And that's what makes trusted application abuse one of the sneakier evasion tactics.

2. Trusted Infrastructure Abuse

Much like trusted application abuse, trusted infrastructure abuse is the act of using legitimate, publicly hosted services and toolsets (such as Dropbox or Google Drive) as part of the attack infrastructure.

Threat actors know that people tend to trust Dropbox and Google Drive, and that trust makes these services a prime channel for carrying out malicious activity. Threat actors often find trusted infrastructure abuse easy because these services aren't usually blocked at an enterprise's gateway, so outbound communications can hide in plain sight.

This unfortunately makes it that much easier for bad actors to establish persistence in an environment, which we'll talk about shortly.

3. Obfuscation

Although cybersecurity has more than its fair share of tedious acronyms, the good news is that many terms can be broken down by their generic dictionary definitions.

According to dictionary.com, this is what obfuscate means:

To make something unclear, obscure or difficult to understand.

And that's exactly what it means in cybersecurity: finding ways to conceal malicious behavior. In turn, this makes it more difficult for analysts and the tools they use to flag suspicious or malicious activity.

For example, one attack tactic we see often in the field is burying malicious code inside an unsuspecting file. You think you're opening up a PDF (.pdf), but you're actually opening up an executable (.exe) that runs malicious code in the background. This is one form of obfuscation because you're being tricked into opening an executable under the guise of a harmless PDF.
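The PDF-that-is-really-an-executable trick above can be caught by comparing what a file's name claims with what its first bytes actually are. The following is an added example (not code from the original post or from its authors); the extension sets, signatures and sample files are constructed for illustration, and the checks cover the two common forms of this disguise: a double extension such as `invoice.pdf.exe`, and a renamed executable whose content starts with a Windows PE ("MZ") header.

```python
"""Spot executables disguised as documents (the .pdf-that-is-really-an-.exe trick)."""

# Extensions Windows will run when double-clicked (constructed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi"}
# Extensions users treat as harmless documents or images.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
# File signatures (magic bytes) for the document types we can verify.
DOCUMENT_MAGIC = {".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG",
                  ".doc": b"\xd0\xcf\x11\xe0", ".docx": b"PK\x03\x04"}

def extensions(name):
    """'invoice.pdf.exe' -> ['.pdf', '.exe'] (lower-cased, in order)."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:] if p]

def check_disguise(name, header):
    """Return the reasons this file may be an executable disguised as a document.
    `header` is the first few bytes of the file's content; an empty list means clean."""
    findings = []
    exts = extensions(name)
    final = exts[-1] if exts else ""
    # 1. Double extension: Explorer hides known extensions by default, so
    #    "invoice.pdf.exe" is displayed to the user as "invoice.pdf".
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and final in EXECUTABLE_EXTS:
        findings.append(f"double extension: shown as {exts[-2]}, runs as {final}")
    # 2. Named like a document, but the content is a Windows PE image ("MZ" header).
    if final in DOCUMENT_EXTS and header.startswith(b"MZ"):
        findings.append(f"content mismatch: named {final} but has a PE (MZ) header")
    # 3. Weaker signal: the claimed document type's own signature is missing.
    elif final in DOCUMENT_MAGIC and not header.startswith(DOCUMENT_MAGIC[final]):
        findings.append(f"content mismatch: named {final} but signature {DOCUMENT_MAGIC[final]!r} absent")
    return findings

# Constructed samples: (file name, first bytes of content).
SAMPLES = [
    ("quarterly_report.pdf", b"%PDF-1.7\n"),      # genuine PDF
    ("invoice.pdf.exe", b"MZ\x90\x00\x03\x00"),   # double extension
    ("contract.pdf", b"MZ\x90\x00\x03\x00"),      # renamed executable
    ("setup.exe", b"MZ\x90\x00\x03\x00"),         # honest executable, nothing to flag
]

def scan(samples=SAMPLES):
    """Map each sample name to its findings."""
    return {name: check_disguise(name, header) for name, header in samples}

if __name__ == "__main__":
    for name, findings in scan().items():
        print(f"{name:24} {'OK' if not findings else '; '.join(findings)}")
```

In practice the same checks run over a mail gateway's attachments or a download directory, reading only the first few bytes of each file.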

4. Persistence

Imagine writing up documentation using your computer, something you may well do in your role. You've spent a ton of time doing the research required, finding the right sources and compiling all your information into a document.

Now, imagine not hitting save on that document and losing it as soon as you reboot your computer.

Sound like a nightmare, or perhaps a real anxiety-inducing experience you've been through before? Threat actors agree.

And that's why they establish persistence. They don't want all the work it took to get into your systems in the first place to be wasted just because you restart your computer. They establish persistence to make sure they can still hang around even after you reboot.

Although we've expanded our offerings here at 杏吧传媒, persistence was our bread and butter when we were first established. That's because so many tools focused on preventive measures but not quite on what happens once threat actors do make their way through. And let's be real: it's only a matter of time before they outsmart today's best tools.

Learn More

Want to learn more about defense evasion? Check out our blog series where we open up the 杏吧传媒 vault to explore some defense evasion techniques we've seen in the wild.
