New report reveals how malware uses evasion to hide in plain sight
People have been hiding secrets in everyday objects for hundreds of years. The digital world is no exception, and McAfee Labs has released its latest Quarterly Threat Report, part of which looks at how evasion techniques can be used to distribute malware.
The use of evasion techniques started in the 1980s, when a piece of malware defended itself by partially encrypting its own code, making the content unreadable by security analysts. Since then, a dark market for off-the-shelf evasion technology has developed, and several contemporary malware families now make use of evasion techniques.
"There are hundreds, if not thousands, of anti-security, anti-sandbox, and anti-analyst evasion techniques employed by hackers and malware authors, and many of them can be purchased off the shelf from the Dark Web," says Vincent Weafer, vice president of McAfee Labs. "This quarter's report reminds us that evasion has evolved from trying to hide simple threats executing on a single box, to the hiding of complex threats targeting enterprise environments over an extended period of time, to entirely new paradigms, such as evasion techniques designed for machine learning based protection."
One of the most commonly used techniques is steganography, which involves hiding messages in images, audio tracks, video clips, or text files. McAfee has identified network steganography as the newest form of this discipline; it uses unused fields within TCP/IP protocol headers to hide data. The method is on the rise because it lets attackers send an unlimited amount of information through the network.
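From the defender's side, header fields that should be zero or ignored can be checked directly. The following is an added example, not code from the McAfee report: the three fields it inspects (the IPv4 reserved flag, the TCP reserved bits, and the urgent pointer when URG is clear) are assumptions about which "unused fields" are meant, and the sample packets are constructed.

```python
import struct

def build_packet(ip_reserved=False, tcp_reserved=0, urg_flag=False, urg_ptr=0):
    """Constructed 40-byte IPv4+TCP SYN for testing (checksums left at 0)."""
    frag = 0x8000 if ip_reserved else 0          # top bit of flags/fragment word
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, frag, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    flags = 0x02 | (0x20 if urg_flag else 0)     # SYN, optionally URG
    off_flags = (5 << 12) | ((tcp_reserved & 0xF) << 8) | flags
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0,
                      off_flags, 8192, 0, urg_ptr)
    return ip + tcp

def unused_field_findings(packet):
    """Return labels for header fields that carry data where none is expected."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ["not-ipv4"]
    ihl = (packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return ["bad-ihl"]
    findings = []
    (frag,) = struct.unpack_from("!H", packet, 6)
    if frag & 0x8000:                            # reserved flag must be zero
        findings.append("ip-reserved-flag-set")
    if packet[9] != 6:                           # only TCP is inspected further
        return findings
    tcp = packet[ihl:]
    if len(tcp) < 20:
        findings.append("truncated-tcp")
        return findings
    off_flags, _win, _csum, urg_ptr = struct.unpack_from("!HHHH", tcp, 12)
    if off_flags & 0x0F00:                       # 4 reserved bits (RFC 9293 layout)
        findings.append("tcp-reserved-bits-set")
    if urg_ptr and not off_flags & 0x20:         # pointer is ignored without URG
        findings.append("urgent-pointer-without-urg")
    return findings

if __name__ == "__main__":
    for name, pkt in [("clean", build_packet()),
                      ("reserved bits", build_packet(tcp_reserved=0x5)),
                      ("urgent ptr", build_packet(urg_ptr=0x4142))]:
        print(name, unused_field_findings(pkt))
```

Some middleboxes and legacy stacks set these fields for benign reasons, so hits are best treated as a signal to baseline per source rather than as a verdict.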
Other findings in the report include the rise of the Fareit password-stealing malware, implicated in the high-profile Democratic National Committee breach before the 2016 US Presidential election. Fareit spreads through mechanisms such as phishing emails, DNS poisoning, and exploit kits.
"With people, businesses, and governments increasingly dependent on systems and devices that are protected only by passwords, these credentials are weak or easily stolen, creating an attractive target for cybercriminals," Weafer adds. "McAfee Labs believes attacks using password-stealing tactics are likely to continue to increase in number until we transition to two-factor authentication for system access."
You can find out more, including the latest trends in malware, in the full report available from the McAfee website.