Information Technology

Lessons Learned From A Hacker: What Are Modern Evasion Tactics Telling Us About Our Security Posture?

<p style="text-align: justify;">Today, in 2022, organizations and individuals face a serious and increasing digital threat.&nbsp;</p><p style="text-align: justify;">Cyber incidents, referred to as 'hacking', are more and more common. These incidents cause suffering from business disruption and loss of data, and the victims also need to contend with the subsequent aftermath.&nbsp;</p><p style="text-align: justify;">This aftermath could be the loss of trust in their clients or a drop in share price for public companies. Furthermore, these organizations can also receive punitive fines if specific data types are lost, costing Office hundreds of millions of pounds.&nbsp;<br />&nbsp;<br />With this threat occurring every day, the cyber security industry has risen worth &pound;10.1 billion in the UK in 2021, rising 77% from &pound;5.7 billion in 2017.&nbsp;</p><h2 style="text-align: justify;"><span style="font-size: 14pt;">Cyber Security Industry</span></h2><p style="text-align: justify;">Due to this situation, the security industry has created multiple standards and frameworks to follow, as well as software solutions, services, membership, and government organizations to conferences.&nbsp;</p><p style="text-align: justify;">Whilst each of these provide advice and solutions to digital risks. They may have multiple mitigation strategies, not all of which have empirical evidence of their effectiveness; with varied communication and implementation, there is substantial room for different and diverse levels of effectiveness.</p><p style="text-align: justify;">One example that comes to mind is controls pertaining to malware protection. Whilst security standards make recommendations requiring organizations to install "anti-malware" protection, not all antivirus vendors have the same capabilities; if we turn to hackers' Tactics, Tools, and Procedures (TTPs), we can start to dissect some of the real differences between providers.&nbsp;</p><p style="text-align: justify;"><strong>Malware Protection</strong></p><p style="text-align: justify;">Standard practice for hackers is to "live off the land" and use a power shell to run malicious commands in memory in an attempt to evade antivirus functionality through reflective expressions. To counter this tactic, Microsoft created Antimalware Scan Interface (AMSI) to detect and mitigate this kind of attack.</p><p style="text-align: justify;">However, at the time of writing, only approximately 81% of antivirus providers have this functionality enabled; whilst the adoption rate of this technology is concerning, a greater concern should be highlighted as AMSI was released in 2015, but the majority of the antivirus providers took between three to six years to implement the interface standard.</p><p style="text-align: justify;">Whilst this missive acts as a cautionary tale, using a small example in a wide-reaching industry. The lesson here is to ask the right questions and understand the gaps between the advice you are following and your invested tools.</p><p style="text-align: justify;">&nbsp;</p><p><span style="font-size: 10pt;"><em>This article was contributed by our expert <a href="">Patrick Wake</a></em></span></p><p>&nbsp;</p><h3><span style="font-size: 18pt;">Frequently Asked Questions Answered by Patrick Wake</span></h3><h2><span style="font-size: 12pt;">1. What are the latest advancements in cyber security?</span></h2><p>Whilst machine learning and AI have been heavily advertised, and their benefits have been widely researched. Tremendous advances have been made in heuristic detection and behavioural analytics, looking for malicious actors living off the land and using seemingly benign software.</p><h2><span style="font-size: 12pt;">2. What are some of the emerging IT security technologies?</span></h2><p>Extended Detection and Response (XDR) is an emerging technology that looks to extend further an organisation's Endpoint Detection and Response (EDR) view of their technology estate. Where EDR typically looks after endpoints, XDR can utilise system logs and APIs from 3rd party vendors and cloud providers&mdash;allowing for better oversight and integration from defensive controls.</p><h2><span style="font-size: 12pt;">3. What are the top challenges to cyber security in 2022?</span></h2><p>The real challenges seen in 2022 are focused on getting the foundations right. On too many occasions, I have seen organisations focusing on the latest trends and fads when patching, OS Hardening and asset management are put to the sidelines.</p><p>With technical elements put to one side, we also need to review the human element. Hiring and retaining skilled talent is still challenging, with the market seeing a rise in salaries and the need for a hybrid workforce.</p><h2><span style="font-size: 12pt;">4. Why are cyber-attacks increasing?</span></h2><p>This is not a simple question to answer in a couple of lines, but one explanation is that the dissemination of knowledge and access to technologies are becoming easier. An example of this can be seen in ransomware as a service, where the authors of these technologies create simple how-to guides and rent access to their malicious tools and software as a subscription model.</p><p>Allowing a less skilled user base access to a technology stack that would have previously been out of their reach, whilst all the while, the authors and creators of these services remain out of the reach of law-enforcement agencies.</p><h2><span style="font-size: 12pt;">5. What is Blockchain technology in cyber security?</span></h2><p>Whilst Blockchain technologies have grown in popularity since the late 2000s, focusing on decentralisation and encryption, there is yet to be a significant uptake in this technology within the cyber security industry. However, if the intent of Web 3.0 is to be realised, blockchain technology could play a large part in the general public's everyday lives.</p><p>&nbsp;</p>
KR Expert - Patrick Wake

Core Services

Human insights are irreplaceable in business decision making. Businesses rely on Knowledge Ridge to access valuable insights from custom-vetted experts across diverse specialties and industries globally.

Get Expert Insights Today