Attackers upping the ante on evasion and anti-analysis - Fortinet

SecurityBrief | August 12, 2019

Attackers upping the ante on evasion and anti-analysis - Fortinet
Many modern malware tools already incorporate features for evading antivirus or other threat detection measures, but cyber-adversaries are becoming more sophisticated in their obfuscation and anti-analysis practices to avoid detection. For example, a spam campaign demonstrates how adversaries are using and tweaking these techniques against defenders. The campaign involves the use of a phishing email with an attachment that turned out to be a weaponised Excel document with a malicious macro. The macro has attributes designed to disable security tools, execute commands arbitrarily, cause memory problems, and ensure that it only runs on Japanese systems. One property that it looks for in particular, an xlDate variable, seems to be undocumented. Another example involves a variant of the Dridex banking trojan which changes the names and hashes of files each time the victim logs in, making it difficult to spot the malware on infected host systems. The growing use of anti-analysis and broader evasion tactics is a reminder of the need for multi-layered defences and behaviour-based threat detection.

Spotlight

It’s no secret that digital technology has transformed the way we do business. It’s also no secret that many more changes lie ahead. Almost every year, a new digital technology arrives that disrupts the status quo and opens new operational vistas for enterprises. From the cloud, mobile and social innovations that have already changed our world, new advances in virtual reality (VR), blockchain, AI and quantum computing will arise and continue to reshape how we work and live.

Related News

DATA SECURITY

Salt Security to Launch Salt Labs to Increase Global Awareness of API Security Threats

Salt Security | July 16, 2021

The leading API security company, Salt Security, has announced today the launch of a now-public forum for publishing research on API vulnerabilities, Salt Labs. It will be a resource for enterprises looking to harden infrastructure against API risk through its vulnerability and threat research and industry reports. In addition, advancing the operation of Salt Security to offer complete API security and accelerate business improvement by making APIs attack-proof will also be a basis of more widespread public consciousness of API safety threats. API security concerns are a significant inhibitor of business modernization. For example, 66% of establishments have delayed the placement of a new application because of API security anxieties, according to the Salt Security State of API Security Report. To counter these concerns, Salt Labs will provide research and reports that organizations can use to progress their API security pose and alleviate threats affecting API-centric businesses. Several API security gaps are highlighted in today's inaugural vulnerability research at a large financial institution. Salt Labs researchers identified inadequate authorization for function access, susceptibility to parameter tampering, insufficient data access, and improper input filtering across the financial platform used by thousands of financial partners and customers. The Salt Labs researchers exploit these vulnerabilities to demonstrate that: 1. Any user could launch an application-level denial of service attack that would render entire applications unavailable. 2. Any user could read any financial records of any customer, despite lacking the proper authorization. 3. Any user could tamper with authentication parameters and take over any account. 4. Any user could delete any customer's user accounts across the financial platform. About Salt Security Salt Security was originated in 2016 by alumni of the Israeli Defense Forces (IDF) and serial businessperson executives in the cybersecurity field and is based in Silicon Valley and Israel. Salt Security protects the APIs that form the core of every new application. Its API Security Platform is the industry's first patented solution to stop the next generation of API attacks, using machine learning and AI to mechanically and unceasingly recognize and protect APIs.

Read More

DATA SECURITY

Argus partners with Microsoft to provide Microsoft Azure IoT end-to-end Cyber Security Cloud solution for car manufacturers.

Argus | March 30, 2021

Argus Cyber Security, a global pioneer in the field of cyber automotive security, cooperated with Microsoft Azure IoT to help car manufacturers to track, identify, and mitigate cloud attacks. Argus Fleet Protection, an Automotive Security Operation Center (ASOC) solution, in-vehicle insights from Argus Connected ECU Protection, and update capability with Argus Software Updates Over-the-Air comprise the Argus cybersecurity package for automotive applications, which is combined with Azure IoT. (OTA). The complete end-to-end cloud solution is one of the first to provide car manufactures with on-board and off-board tracking for the cyber wellbeing of their fleet. This automotive collaboration allows car manufacturers better access to security-related in-vehicle information as well as extensive coverage of security incidents. Argus Connected ECU Protection detects operating system irregularities and unusual behavior in the vehicle using customer-defined hazard models and is implemented on connected ECUs such as telematics, infotainment centers, and ADAS systems. Threat models may be built on UNECE R 155 (WP.29), the MITRE Attack structure, or some other model that is selected. Vehicle warnings are sent to Argus Fleet Protection, where they are paired with information from other sources in dedicated automotive hazard hunting and investigation modules. Vehicle manufacturers will create a more reliable, all-encompassing cyber intelligence picture by combining end-to-end automotive cyber protection with Microsoft Azure IoT. Furthermore, using Argus Delta OTA update technologies, car manufactures will immediately incorporate security upgrades to minimize vulnerability to cyber threats while reducing vehicle downtimes and deployment costs. "We are thrilled to be joining the world's leading businesses on Microsoft Azure. It represents a significant step forward for vehicle manufacturers looking to minimize their exposure to cyber risk while still adhering to applicable requirements and regulations such as UNR 155 (WP.29) "said Miki Hakak, Argus Cyber Security's VP Marketing, and Business Development. "By collaborating with a global leader like Microsoft, we're making it easier for vehicle manufacturers to cost-effectively incorporate cyber protection into their vehicles without disrupting manufacturing cycles or project risk." "Cybersecurity is a critical component in the transition to connected and autonomous vehicles," said Avijit Sinha, Microsoft's general manager for Azure Mobility. "Argus offers robust and flexible tools to ensure security through a vehicle's diverse computing resources and networks, whether it's avoiding attacks on safety-critical functions or personal data theft. The partnership of Argus and Microsoft Azure IoT offers a roadmap for automakers aiming to achieve their target of stable connected and autonomous vehicles." ABOUT ARGUS CYBER SECURITY To secure connected cars and commercial vehicles from cyber-attacks, Argus, a world pioneer in automotive cyber protection, offers in-vehicle solutions, consulting services, and an automotive security operation center (ASOC). Customers include automakers, retailers, and fleet managers. Argus products and services, which are currently in development, assist in the prevention, tracking, and reaction to cyber threats on in-vehicle components, networks, and post-production fleets. Via a suite of customized advisory services that help incorporate data security standards and procedures into the whole product lifecycle, Argus professional services assist its clients in complying with applicable guidelines and regulations, such as UNECE R 155 (WP. 29). Argus' groundbreaking approaches and solutions are based on decades of cybersecurity and automotive research, which has resulted in more than 70 awarded and pending patents. Argus was founded in 2013 in Tel Aviv, Israel, and has offices in Michigan, Stuttgart, Tokyo, Shanghai, and Korea. Argus is a wholly-owned subsidiary of Elektrobit, a multinational supplier of automotive products and services.

Read More

Stop Measuring Your Cybersecurity in Terms of Budget

DCMS | May 11, 2020

Almost every month there is a new report detailing how firms are increasing their cybersecurity budgets, or buying the latest tech to help defeat hackers. The typical way that companies have looked to improve their cyber capabilities is by investing in the latest tech to help protect their networks. Clearly measuring how strong your cybersecurity is can no longer be done by how much money is spent on it each year. The last decade has seen an explosion in cybersecurity spending, with the global market now valued at $112bn in 2019. Almost every month there is a new report detailing how firms are increasing their cybersecurity budgets, or buying the latest tech to help defeat hackers, but is this correlating with a reduction in cybercrime? A recent report found that while 85 percent of companies rated their security stack incredibly highly, 86 percent of them had still suffered a data breach in the last 12 months. Clearly there is a disconnect between how companies are measuring their cybersecurity readiness and achieving effective security in reality. The typical way that companies have looked to improve their cyber capabilities is by investing in the latest tech to help protect their networks. While these systems are effective, they still require employees with the sufficient skills to work them properly. Given that the DCMS recently found that 48 percent of UK businesses struggled to find employees with basic cyber skills, for example being able to configure a firewall correctly, it seems unlikely that the majority of companies are getting the most out of these tools. Learn more: THE TIME HAS COME TO BRING IN AI, MACHINE LEARNING AND AUTOMATION IN CYBERSECURITY . “Measuring human cybersecurity readiness is difficult to do. Currently, companies have had to rely on certifications for measuring ability, which quickly become outdated as hackers develop new techniques almost daily”. Experts often say that one of the best ways of defending your network is educating employees to be on the lookout for risks. However, often many businesses are not taking their human cyber readiness into account. This is because they are unable to effectively measure the skills of their cyber team. Measuring human cybersecurity readiness is difficult to do. Currently, companies have had to rely on certifications for measuring ability, which quickly become outdated as hackers develop new techniques almost daily. “ If an organization is unable to tell how strong its team is at cybersecurity, it will always be behind the hackers who are looking to steal its information”. However, failing to measure your human readiness companies can open themselves up to increased risk. For example, many organizations carry out breach simulations to provide crucial experience for the day when there is a real attack. However, businesses rarely measure how well their teams coped with each scenario and what training and actions should come from it. If an organization is unable to tell how strong its team is at cybersecurity, it will always be behind the hackers who are looking to steal its information. In the past, the only measure companies had to judge their employees was through what certificates they held. This led to hiring professionals on huge salaries who have been working in the industry for many years and have secured the correct qualifications. Just because they have a certificate does not mean they are necessarily better at handling a threat as the most junior person on the team. This is because it is impossible to know who is best to handle a response simply by looking at certificates. The junior member could have had more recent experience in handling that type of threat, or recently read about the latest techniques. By being able to continually measure who in the team is stronger at certain tasks can go a long way in improving efficiency in defending against attacks. Often, rather than hiring in the talent from outside their teams, organizations could spend a fraction of the budget and focus on upskilling their own existing staff. Of course, to do this you first need to know what skills your team already has, and where there are gaps that need to be filled. Learn more: CYBER SECURITY GUIDANCE FOR REMOTE WORKING .

Read More

Spotlight

It’s no secret that digital technology has transformed the way we do business. It’s also no secret that many more changes lie ahead. Almost every year, a new digital technology arrives that disrupts the status quo and opens new operational vistas for enterprises. From the cloud, mobile and social innovations that have already changed our world, new advances in virtual reality (VR), blockchain, AI and quantum computing will arise and continue to reshape how we work and live.