For centuries, people have evaded capture by hiding, and have hidden valuables from looters. The same paradigm exists in today's digital age: cyber criminals keep developing new evasion techniques, which they use to distribute and spread malware.
The use of evasion techniques began in the 1980s, when malware authors decided to encrypt part of their code to make it unreadable to security experts. Since then it has blossomed into a fully grown technology, developed and used by various malware families for evasion.
Thousands of anti-security, anti-sandbox and anti-analyst evasion techniques have been employed by hackers and malware developers. It goes as far as off-the-shelf versions that can be bought on the Dark Web. Evasion has evolved into smarter designs, and protection is on the road to becoming machine-learning based.
There are lots of techniques. One that has been used is steganography, which hides code in images, messages, audio, video and text files. You name it, and there is probably something out there already in existence or in the works. Network steganography is becoming the standard paradigm: it uses unused fields within TCP/IP headers to hide data. You might ask why. It is more practical, since attackers can send an unlimited amount of information over the network using this technique.
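From the defender's side, the practical consequence of the paragraph above is that header fields which should always be zero (or should only carry a value under a specific flag) are worth checking in traffic captures. The following Python is an added example, not code from the original post: it parses a raw IPv4 + TCP header with `struct` and flags the IPv4 reserved flag bit, the three reserved bits in the TCP data-offset word, and a non-zero urgent pointer on a segment without URG set. The packets it inspects are constructed inline by the hypothetical `make_test_packet` helper so the check runs offline; checksums are left at zero because nothing here validates them.

```python
import struct

IP_RESERVED_FLAG = 0x8000  # top bit of the IPv4 flags/fragment-offset word, must be zero
IP_DF = 0x4000             # "don't fragment", set on most ordinary packets
TCP_URG = 0x0020           # URG flag in the TCP data-offset/reserved/flags word
TCP_ACK = 0x0010

IPV4_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options
TCP_FMT = "!HHIIHHHH"       # 20-byte TCP header without options


def make_test_packet(ip_reserved=False, tcp_reserved=0, urg_ptr=0, urg_flag=False):
    """Construct a minimal IPv4+TCP packet for testing (constructed data, checksums zero)."""
    flags_frag = IP_DF | (IP_RESERVED_FLAG if ip_reserved else 0)
    ip = struct.pack(IPV4_FMT, 0x45, 0, 40, 0x1234, flags_frag, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    # data offset 5 (20 bytes) in the top 4 bits, reserved bits 9-11, flags in the low 9 bits
    offset_flags = (5 << 12) | ((tcp_reserved & 0x7) << 9) | TCP_ACK
    if urg_flag:
        offset_flags |= TCP_URG
    tcp = struct.pack(TCP_FMT, 40000, 443, 1, 1, offset_flags, 65535, 0, urg_ptr)
    return ip + tcp


def check_headers(pkt):
    """Return a list of findings for fields that should be zero but are not."""
    findings = []
    if len(pkt) < 20:
        return ["truncated"]
    ver_ihl, _, _, _, flags_frag, _, proto, _, _, _ = struct.unpack(IPV4_FMT, pkt[:20])
    if ver_ihl >> 4 != 4:
        return ["not_ipv4"]
    ihl = (ver_ihl & 0x0F) * 4
    if flags_frag & IP_RESERVED_FLAG:
        findings.append("ip.reserved_flag_set")
    if proto == 6 and len(pkt) >= ihl + 20:
        _, _, _, _, offset_flags, _, _, urg_ptr = struct.unpack(TCP_FMT, pkt[ihl:ihl + 20])
        reserved = (offset_flags >> 9) & 0x7
        if reserved:
            findings.append(f"tcp.reserved_bits={reserved:#x}")
        # a non-zero urgent pointer is only meaningful when URG is set
        if urg_ptr and not (offset_flags & TCP_URG):
            findings.append(f"tcp.urgent_pointer_without_urg={urg_ptr}")
    return findings


if __name__ == "__main__":
    for label, pkt in [("clean", make_test_packet()),
                       ("ip-reserved", make_test_packet(ip_reserved=True)),
                       ("tcp-reserved", make_test_packet(tcp_reserved=5)),
                       ("urg-ptr", make_test_packet(urg_ptr=0x4142))]:
        print(label, check_headers(pkt) or "ok")
```

In a real deployment this logic would run over packets pulled from a capture file or a tap; a single hit is rarely conclusive (some middleboxes mangle these bits), so count per-flow occurrences before raising an alert.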
If not by hiding, they employ techniques that steal passwords. A very good example is the Fareit password-stealing malware, which was used before the 2016 US Presidential election. It was a deliberate attack that spread via email, DNS poisoning and tons of exploit kits left and right.
Everything is interconnected nowadays, and we are more dependent on technology than ever. Yet in this day and age we still use the most basic form of security: a username and password. Often this information is easily stolen because of weak passwords, which has become a lucrative business and target for cyber criminals and hackers. It is about time we transition to a more secure way of authenticating, and one option is two-factor authentication.
So, with all that said, if you were the cyber criminal, how would you go about hiding and stealing?