It's a recurring theme in sports movies, war stories and crime stories alike: In order to defeat the enemy, one must think like the enemy.
This approach has been taken – oftentimes quite successfully – in an array of settings, including the cybersecurity realm. Security researchers are constantly working to pinpoint and better understand the techniques used by hackers in an effort to create targeted protections for specific threats. What many don't realize, however, is that there's a similar trend growing on the other side of the fence.
Similar to their white hat counterparts, malicious hackers are always looking to advance their capabilities. Instead of leveraging known system vulnerabilities, though, some attackers are now seeking to use the very protection measures organizations deploy to block malicious activity against them.
But how are cybercriminals able to flip the board on the security measures consumers as well as businesses utilize to safeguard their most important data and content? Let's take a look at a few sneaky techniques being employed by today's hackers.
Turning employee training on its head
One of the main cornerstones of many businesses' security stance is specialized training for its employees. This helps workers understand how to spot malicious activity that could be the beginning of an attack, as well as their individual roles in the company's holistic data protection. In many of these training sessions, employees are taught not to provide sensitive personal or corporate details, unless to an individual or group of authority.
Knowing this, hackers began utilizing phishing techniques, which hinge on the use of an official-looking message that convinces victims to part with the sensitive information they've been trained to protect. Within these attacks, attackers could create a legitimate-appearing message from an authoritative group like a bank or even law enforcement.
In some cases, when the attack is targeted at a specific person within a certain business, the hacker will go so far as to learn about the individual and establish a message that caters to them specifically. This could include the individual's name, company title and other details in an effort to win the reader over and encourage a click on a malicious link or attachment that infects the system.
Social engineering techniques also seek to leverage standard training against organizations by luring victims in and gaining their trust. Like many attacks, social engineering is often financially motivated – attackers seek out details that can be used to gain a profit, whether through subsequent fraudulent activity or the sale of stolen data.
As Trend Micro noted, social engineering attacks have gotten more sophisticated than ever, and now draw upon current events, celebrity gossip and other news to peak a victim's interest, lead them to a malicious website and steal their data.
As Digital Guardian contributor Nate Lord pointed out, hackers use psychological manipulation to trick users. While, especially within enterprise circles, users are trained to spot this kind of activity, hackers are still having success with social engineering and phishing attacks, appearing legitimate enough to allow for data theft.
Evading security solutions
Phishing and social engineering have been around for quite some time, but this hasn't diminished the impact these attacks have on the businesses falling victim to them. In fact, The Anti-Phishing Group reported that 2016 was a record-breaking year in terms of phishing, which broke the one-million-attack threshold. What's more, SC Magazine reported late last year that more than half of all enterprises – 60
"More than half of all enterprises – 60 percent – experienced a social engineering attack in 2016."
percent – experienced a social engineering attack in 2016.
While these are certainly formidable threats, they pale in comparison with Trend Micro's recent prediction. According to the 2017 Security Predictions report, Trend Micro researchers are forecasting a sharp rise in attacks leveraging specific evasion techniques. These tactics enable a hacker to remain hidden in their malicious activities as they attempt to spur infection, and maintain cloaking even once inside a victim's system.
"We will also see improved means of staying hidden within a network once infiltrated," Trend Micro's Jon Clay wrote. "Ensuring their malware is undetectable will be high on their priority list and this will be accomplished regularly replacing it with new malware designed to be Fully UnDetectable."
In fact, many hackers are now taking part in underground testing to ensure their malicious programs truly are undetectable. Clay explained that hackers are beginning to offer testing services to see how malware stacks up against specific security vendors' products.
In addition, this approach is expanding to target even the most advanced, emerging technical capabilities. This includes targeting and creating evasion techniques specifically for machine learning, enabling attackers to infiltrate these systems and exfiltrate data while remaining hidden from victim's safeguards.
Hackers are getting more sophisticated every day, leveraging increasingly advanced infection measures to bore into victim systems and steal information. While these attacks can be particularly difficult to guard against, the first step in protection is awareness.
Protection against these types of advanced attacks requires a layered-security strategy that helps detect risks across the entire threat lifecycle. In this way, if hackers are able to bypass one layer of security, other subsequent layers can help block the overall threat.
To find out more about these emerging strategies and how you can secure your organization, contact the experts at Trend Micro today.