Dark Reading is part of the Informa Tech Division of Informa PLC


How Malware Bypasses Our Most Advanced Security Measures
User Rank: Ninja
2/13/2015 | 9:33:38 AM
Re: Thinking like a Hacker
On a special presentation over the BBC on U of M Public Radio the presenters noted that the internet is more than technology: it is an enabler.

Thus: when technology is used to provide some new service the hacker will examine that service asking "what does this enable?" How can I re-direct this to my own purpose?

They are patient and they are persistent: if there is a way in, they will find it.
  • MALVERTISING: If I can purchase an ad on a high-traffic web page and then update my ad to include malware then perhaps I can exploit a privilege escalation in your computer and get my program running in your computer. After that when you sign into the credit union I can write myself a check. Or if you do your taxes online I can steal your ID info.
  • PHISHING: Maybe I can send out some e-mail that looks legitimate but actually carries a TROJAN that can exploit a privilege escalation in your computer. Maybe I can pwn your box and add it to my BOTNET -- or other mischief.
  • SQL INJECTION: If your server is feeding input data directly from the open web into your database maybe I can send you a script where you are expecting data and get your database to transmit all your files to me.
  • XSS (Cross Site Scripting): Maybe when you are running a popular page I can get an ad or some phish bait to run a malicious script from some hacker page.
  • IDENTITY THEFT: Maybe I can buy your identity from some darknet service such as SUPERGET (see KREBS on this) and come up with the info I need to do your taxes for you. No charge for this service.
  • AUTORUN on a thumb drive is another vector that often works to get malware into your computer.
  • COMPROMISED employee
  • SHORTCUTS -- bypassing security protocols for convenience
  • DOWNLOADS: Perhaps I can offer some cool program, often for free -- and include some unpleasant surprises with the package. Often these come as SCAMWARE where it shows "check this box for this cool added feature" -- and of course the box is already checked for you.
  • SCAREWARE warnings such as "your computer is infected really really bad -- click here and we'll clean it up for you"

A lot of hacking depends on getting unauthorized programming, aka "malware", aka "virus", into the victim's computer(s), and hacking also makes use of stolen identification data. Reducing hacking depends on closing the openings that are being exploited. Use a secure O/S, where a secure O/S is one which will not permit itself to be modified by the actions of an application program. A bad web page should not be able to infect your operating software. AUTHENTICATE transactions. Transactions include eMail obviously but also software transmittals and other important business such as your Forms 1040.

Technology is great but remember: it acts as an enabler. Be careful what you enable.
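The XSS bullet in the comment above (a malicious script ending up in a popular page) comes down to untrusted input being written into the page as markup. The following is an added Go example, not the commenter's code: it renders a constructed visitor comment once with text/template, which copies the input through verbatim, and once with html/template, which escapes each value for the HTML context it lands in. The page template, the Comment type, the sample input and the renderRaw/renderEscaped function names are all assumptions made up for this demonstration.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	texttemplate "text/template"
)

// Constructed page fragment that interpolates visitor-supplied values in two
// different HTML contexts: element content and an href attribute.
const page = `<p>{{.User}} wrote: {{.Body}}</p>
<a href="{{.Link}}">profile</a>`

// Comment is what a visitor submits; every field is untrusted.
type Comment struct {
	User string
	Body string
	Link string
}

// sampleComment is a constructed submission of the kind the XSS bullet
// describes: script in the body and a javascript: URL in the link.
var sampleComment = Comment{
	User: "anon",
	Body: `<script>alert(1)</script>`,
	Link: "javascript:alert(1)",
}

// renderRaw uses text/template, which does no escaping at all: the values are
// copied into the page exactly as typed, so a browser would treat the body as
// a real <script> element and the link as a real javascript: URL.
func renderRaw(c Comment) (string, error) {
	t, err := texttemplate.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, c); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// renderEscaped uses html/template, which parses the template as HTML and
// applies the escaping each context needs: text in element content is
// entity-encoded, and a URL with an unsafe scheme inside href is replaced by
// the inert placeholder "#ZgotmplZ".
func renderEscaped(c Comment) (string, error) {
	t, err := htmltemplate.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, c); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	raw, err := renderRaw(sampleComment)
	if err != nil {
		panic(err)
	}
	safe, err := renderEscaped(sampleComment)
	if err != nil {
		panic(err)
	}
	fmt.Println("text/template (unsafe):\n" + raw)
	fmt.Println("html/template (escaped):\n" + safe)
}
```

The point to take from the two outputs is that the fix is not a blocklist of dangerous strings but output encoding chosen by context: the same value needs different treatment inside element text, inside an attribute and inside a URL, and html/template picks that treatment from where the placeholder sits in the markup.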
User Rank: Ninja
2/12/2015 | 10:39:18 AM
Re: we don't use our most advanced security system
But I love free donuts! My main point is that we need to start thinking like the attackers and planning accordingly instead of always being in reaction mode.

To your point, this would very much include preventative measures and user interaction for a comprehensive approach.
User Rank: Ninja
2/12/2015 | 10:35:50 AM
we don't use our most advanced security system
Hack attacks are associated with unauthorized programming in many cases -- particularly the BLACKPOS and BACKOFF RAM-scrapers used to steal credit card data. These updates are installed on the victims' systems and this is possible because we fail to authenticate software changes before installing them -- or we are using vulnerable operating software. In many cases vulnerable operating software is exploited by malvertising or phishing -- both of which rely on our failure to authenticate.

In the case of tax fraud the hacking takes advantage of our failure to authenticate tax returns.

The authentication software -- originally PGP but now also GnuPG -- has been available for some time. As I said: the problem is our failure to properly and effectively use our most advanced security measure: public key encryption.

Proper authentication procedures require user participation. It's not something that can be passed out like free donuts.


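The "authenticate software changes before installing them" point in the comment above, as an added Go example that is not part of the comment or of any product it names: a vendor signs an update with an Ed25519 key, and the receiving host refuses to install anything whose detached signature does not verify under the vendor public key pinned on that host, which is the same check `gpg --verify` performs on a PGP-signed package. The package bytes, the key handling and the signUpdate/installUpdate functions are constructed for this demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// ErrBadSignature means the package was refused before any byte of it was
// installed.
var ErrBadSignature = errors.New("update rejected: detached signature does not verify under the trusted vendor key")

// signUpdate is the vendor's release step: a detached Ed25519 signature over
// the exact bytes that will be shipped. (Hypothetical helper name.)
func signUpdate(vendorPriv ed25519.PrivateKey, pkg []byte) []byte {
	return ed25519.Sign(vendorPriv, pkg)
}

// installUpdate is the receiving host's step. trustedPub is the vendor key
// pinned on the host ahead of time; it must not travel with the update,
// otherwise whoever replaces the package can replace the key too.
// On success it returns the SHA-256 of what was installed for the audit log.
func installUpdate(trustedPub ed25519.PublicKey, pkg, sig []byte) (string, error) {
	if len(trustedPub) != ed25519.PublicKeySize {
		return "", errors.New("trusted key has the wrong size")
	}
	// Verify returns false for a wrong-length or forged signature and for any
	// change to pkg, however small.
	if !ed25519.Verify(trustedPub, pkg, sig) {
		return "", ErrBadSignature
	}
	// Stand-in for writing the verified package to disk.
	sum := sha256.Sum256(pkg)
	return hex.EncodeToString(sum[:]), nil
}

func main() {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed stand-in for a point-of-sale agent update; any bytes work.
	pkg := []byte("pos-agent-2.1.bin: constructed sample package contents")
	sig := signUpdate(vendorPriv, pkg)

	digest, err := installUpdate(vendorPub, pkg, sig)
	fmt.Println("genuine update:", digest, err)

	// One flipped bit anywhere in the package is enough to fail verification.
	tampered := append([]byte(nil), pkg...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = installUpdate(vendorPub, tampered, sig)
	fmt.Println("tampered update:", err)

	// A package signed by a key the host does not trust is refused as well.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, err = installUpdate(vendorPub, pkg, signUpdate(otherPriv, pkg))
	fmt.Println("update signed by an unknown key:", err)
}
```

What makes this an authentication control rather than a checksum is the pinned public key: a hash shipped next to the package only proves the download was not corrupted, while a signature that verifies under a key the host already held proves the package came from whoever holds the matching private key.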
User Rank: Ninja
2/12/2015 | 8:30:33 AM
Re: Preventative measures?
It seems like that is the general template for now. Which is why security needs to promote further innovation instead of increasing the efficiency of dilapidated safeguards we currently use; as the vectors they seek to protect have already been exploited further than they could catch up to effectively.

I would like to see an increase in security firms seeking to construct new types of malware. I feel that with security professionals trying to think like malicious intenders that we would be able to construct strains similar to the ones that are rapidly appearing. Then in the case of an event we might be ready to mitigate it before it even becomes a threat.
User Rank: Apprentice
2/11/2015 | 7:07:29 PM
Re: Evasion Technique Prevention
Hi RyanSepe,

It'll be tricky to cover this in a single article but we'll definitely try. To at least comment on the techniques part of your question -- essentially this is what all AV vendors are doing or trying to do, detect malware regardless of the evasion techniques it uses.
User Rank: Apprentice
2/11/2015 | 7:01:32 PM
Re: Preventative measures?
Hi Whoopty,

Besides keeping your software stack (OS + third-party applications) up to date with security patches (and this also includes using the latest versions, especially for the OS, since there are major security-related improvements between major OS versions), the practical solution against malware is having strong endpoint protection.

There is somewhat of an agreement in the security industry that there will always be some exploitable vulnerabilities, and that "something" will always get through. There are some solutions that try and isolate your sensitive data, but the main branch of solutions is about detecting the threat after it got into the system, and being able to mitigate it, before or after malicious code is executed.

In that sense, you're right in a way that it will likely always be infection-scan-cleanup although I would phrase it infection-detection-cleanup. Unless of course everyone writes perfect software :)

User Rank: Ninja
2/11/2015 | 11:56:49 AM
Preventative measures?
It often feels like beyond practicing basic anti-phishing security and steering clear of pirated software, there isn't much to be done to actively protect yourself from malware. Will it always be a case of infection-scan-cleanup? Will new types of malware always slip through the net until they're identified? 
User Rank: Ninja
2/11/2015 | 8:26:19 AM
Evasion Technique Prevention
Can you do a follow up to this article denoting current techniques and strategies to correspond with the evasions you posted? The other side of the coin would be good to have so that they can be critiqued as to why they may not be up to par. This will be helpful for future security architecting.
