Cyber Adversaries Up the Ante on Evasion and Anti-analysis to Avoid Detection
There is ongoing barometer for aggregate malicious activity across the internet,to address this segment, Fortinet have released threat landscape Index, the TLI is based on the premise that the cyber landscape gets more threatening as more of our sensors detect a wider variety of threats at a higher volume. If the opposite is true, this indicates things are getting better. Perhaps most importantly, it shows the rate of those changes over time and helps draw attention to the forces behind them.
Fortinet today announced the findings of its latest quarterly Global Threat Landscape Report.
The research reveals that cybercriminals continue to look for new attack opportunities throughout the digital attack surface and are leveraging evasion as well as anti-analysis techniques as they become more sophisticated in their attempts.
The Threat Landscape Index crossed a milestone this quarter. It is up nearly 4% from its original opening position year-over-year. The high point during that year-long timeframe is the peak and closing point of Q2 CY2019. The upsurge was driven by increased malware and exploit activity.
For a detailed view of the Threat Landscape Index and subindices for exploits, malware, and botnets, as well as some important takeaways for CISOs read the blog. Highlights of the report follow.
Upping the Ante on Evasion Tactics
Many modern malware tools already incorporate features for evading antivirus or other threat detection measures, but cyber adversaries are becoming more sophisticated in their obfuscation and anti-analysis practices to avoid detection.
For example, a spam campaign demonstrates how adversaries are using and tweaking these techniques against defenders. The campaign involves the use of a phishing email with an attachment that turned out to be a weaponized Excel document with a malicious macro. The macro has attributes designed to disable security tools, execute commands arbitrarily, cause memory problems, and ensure that it only runs on Japanese systems. One property that it looks for in particular, an xlDate variable, seems to be undocumented. Another example involves a variant of the Dridex banking trojan which changes the names and hashes of files each time the victim logs in, making it difficult to spot the malware on infected host systems.
The growing use of anti-analysis and broader evasion tactics is a reminder of the need for multi-layered defenses and behavior-based threat detection.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.