Three Strategies to Combat Anti-Analysis and Evasion Techniques

“What happens if our network is compromised?” is a question security professionals have been asking for some time. But for a variety of reasons – ranging from network transformation efforts to more sophisticated attack methods – the question has now become, “How do we even know if our network has been compromised?”


One reason for this is that as cybercriminals increasingly invest in new strategies designed to evade detection, there is little to no evidence that anything is amiss until after attackers have achieved their goals.


The Rise of Anti-Analysis Attack Strategies


Most of us are familiar with the more sophisticated attack strategies used to make an intrusion succeed. They range from advanced approaches, such as machine learning combined with metamorphic or polymorphic exploits that learn from and adapt to network defenses, to malware that leverages tools already installed on the network. Fortunately, many of us have countermeasures in place that allow us to detect and effectively respond to such efforts.


As a result, cybercriminals are adopting new techniques to obscure their efforts and evade detection and analysis so they can complete their plans. Some examples of anti-analysis techniques include routines that enable malware to detect when it is running within a sandbox environment or even in a system emulator, functions for disabling security tools on an infected system, and the use of junk data to make disassembly harder. MITRE currently lists more than 60 anti-analysis and evasion techniques—some new and some old—that attackers employ to slip past defenses and remain undetected so they can achieve their aims uninterrupted.
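To make the technique families named in the paragraph above concrete from the analyst's side, here is an added Python example; it is not code from the original article or from MITRE. It performs a small static triage pass over the strings extracted from a sample, grouping hits into the families the paragraph lists (sandbox or VM detection, debugger checks, disabling of security tools, stalling), and measures the Shannon entropy of a section as a rough proxy for packing or junk data. The indicator lists, the entropy threshold, the scoring and the sample inputs are all constructed assumptions for illustration, not a vetted detection signature.

```python
import math
from collections import Counter

# Indicator families (constructed for this example; a real ruleset would be
# far larger and tuned against known-good software to control false positives).
EVASION_INDICATORS = {
    "sandbox_or_vm_check": ["vmware", "vbox", "virtualbox", "qemu", "sbiedll", "sandbox"],
    "debugger_check": ["isdebuggerpresent", "checkremotedebuggerpresent",
                       "ntqueryinformationprocess"],
    "security_tool_tampering": ["disablerealtimemonitoring", "disableantispyware",
                                "sc stop", "taskkill"],
    "delay_or_stalling": ["sleepex", "ntdelayexecution", "gettickcount"],
}

# Above this value a section looks packed, encrypted or padded with random junk.
ENTROPY_THRESHOLD = 7.2  # assumed threshold, bits per byte (max is 8.0)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_strings(strings):
    """Map each extracted string to the indicator families it matches."""
    hits = {}
    for s in strings:
        low = s.lower()
        for family, needles in EVASION_INDICATORS.items():
            if any(needle in low for needle in needles):
                hits.setdefault(family, []).append(s)
    return hits


def triage(strings, section_bytes, entropy_threshold=ENTROPY_THRESHOLD):
    """Combine string hits and section entropy into a simple escalation verdict.

    Score = number of distinct indicator families hit, plus one if the section
    entropy is above the threshold. Two or more points means an analyst should
    look at the sample rather than trusting an automated sandbox run alone.
    """
    families = classify_strings(strings)
    entropy = shannon_entropy(section_bytes)
    high_entropy = entropy >= entropy_threshold
    score = len(families) + (1 if high_entropy else 0)
    return {
        "families": families,
        "entropy": round(entropy, 2),
        "high_entropy": high_entropy,
        "score": score,
        "verdict": "escalate" if score >= 2 else "low",
    }


# Constructed sample inputs (not taken from any real malware).
SUSPICIOUS_STRINGS = [
    "VMware Virtual Platform",
    "IsDebuggerPresent",
    "Set-MpPreference -DisableRealtimeMonitoring $true",
    "CreateFileW",
    "SbieDll.dll",
]
HIGH_ENTROPY_SECTION = bytes(range(256)) * 8      # every byte value equally often

BENIGN_STRINGS = ["CreateFileW", "kernel32.dll", "Hello world."]
LOW_ENTROPY_SECTION = b"Hello world. " * 100       # plain repetitive text

if __name__ == "__main__":
    for label, strings, section in (
        ("suspicious", SUSPICIOUS_STRINGS, HIGH_ENTROPY_SECTION),
        ("benign", BENIGN_STRINGS, LOW_ENTROPY_SECTION),
    ):
        result = triage(strings, section)
        print(f"{label}: verdict={result['verdict']} score={result['score']} "
              f"entropy={result['entropy']} families={sorted(result['families'])}")
```

In practice the string list would come from a tool such as `strings` or a PE parser and the section bytes from the sample's largest executable or data section; the point of the exercise is that a sample showing several evasion families at once deserves manual analysis precisely because an automated sandbox may never see it misbehave.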


This seems to be a trend with legs. Last quarter, several reports identified new malware with sophisticated defense-evasion techniques built into them that indicate rapid ad ..
