Malware Developers Refresh Their Attack Tools

Cisco analyzes the latest version of the LokiBot malware for stealing credentials, finding that its developers have added more misdirection and anti-analysis features.

The developers of attack tools continue to make headway in hindering defenders' ability to detect and analyze their malware, building more complex infection chains to stymie defenses, an analysis by the Cisco Talos research team stated this week.


The researchers analyzed the latest attack techniques associated with an information-stealing campaign, known as LokiBot, and found that its developers have added a third stage to its process of compromising systems — along with more encryption — as a way to escape detection. The attacks also use a variety of other techniques, such as socially engineering users into enabling macros in Microsoft Office, using images to hide code, and widespread encryption of resources.


While attackers will do only the minimum necessary to successfully compromise systems, that minimum keeps rising because defenders are getting better, says Holger Unterbrink, a threat researcher with Cisco Talos.


"Operating systems got much more secure than they were a few years ago, [so] attackers need to adapt," he says. "Malware is a business [and so they have to build] malware which is good enough to bypass security measures on a reasonable number of devices."


The LokiBot malware is not alone in its growing sophistication to prevent analysis and detection. In October, Facebook revealed that adware used session cookies, geolocation spoofing, and changing of security settings to keep persistence on its platform, resulting in charges of more than $4 million. In general, attackers are more likely to use the one-off Web addresses to fool blocklists, focu ..
