Hackers are becoming more and more capable
Much has been said about hackers becoming increasingly sophisticated and their methods ever more complex. While that is certainly true, more complex isn't always better.
Let's look at a case study
Take, for example, the malware called Separ, a credential-stealing piece of code first detected in late 2017.
Separ has benefited from ongoing development by the hackers controlling it, but what sets it apart from other malware strains is that it is almost deceptively simple, and that simplicity is a big part of its success.
The program is surprisingly good at evading detection, thanks to a clever combination of short scripts and legitimate executables that are commonly used for completely benign purposes. Because every component is something a system administrator might legitimately run, the chain blends in and is overlooked by most detection routines, which key on known-bad files rather than on how ordinary tools are being strung together.
The most recent iteration of the malware arrives as a file posing as a PDF. When an unsuspecting user opens it, Separ runs a chain of applications and file types commonly used by system administrators. The initial double click runs a simple Visual Basic Script (VBS), which in turn executes a batch script.
The batch script creates several directories and copies files into them. It then launches a second batch script, which opens a decoy image to hide the command windows, lowers the Windows firewall protections, and writes the output of 'ipconfig' to a file.
Then it gets down to its real work, again relying on completely legitimate executables to collect saved passwords and send them to the hackers' command and control server.
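The point of the chain above is that no single step looks malicious; what gives it away is the parent-child relationship between a script host, a batch shell, and tools such as netsh and ipconfig. The following is an added detection example written for this post; it is not Separ's code and not Deep Instinct's analysis. The log format (one process-creation event per line: pid, parent pid, image path, command line) and the sample lines are constructed for illustration, and the netsh command line is an assumed firewall-disabling form rather than one quoted from the malware. Adapt the parser to your own EDR or Sysmon Event ID 1 export.

```python
"""Flag a 'living off the land' script chain (script host -> batch -> firewall
change / ipconfig dump) in process-creation logs.

Added example for this post: not Separ's code, not vendor analysis.
Log format and sample lines are constructed; the ancestry rule is the
point, the exact command lines are assumptions.
"""
from dataclasses import dataclass
import re

# Constructed sample telemetry: "pid,ppid,image,command_line" per line.
# Lines 101-105 mimic the chain described in the post; 106-107 are a
# benign admin running ipconfig from an interactive prompt.
SAMPLE_LOG = """\
100,1,C:\\Windows\\explorer.exe,explorer.exe
101,100,C:\\Windows\\System32\\wscript.exe,wscript.exe "C:\\Users\\bob\\Downloads\\invoice.vbs"
102,101,C:\\Windows\\System32\\cmd.exe,cmd.exe /c "C:\\Users\\bob\\AppData\\Local\\Temp\\a.bat"
103,102,C:\\Windows\\System32\\cmd.exe,cmd.exe /c "C:\\Users\\bob\\AppData\\Local\\Temp\\b.bat"
104,103,C:\\Windows\\System32\\netsh.exe,netsh advfirewall set allprofiles state off
105,103,C:\\Windows\\System32\\ipconfig.exe,ipconfig /all
106,100,C:\\Windows\\System32\\cmd.exe,cmd.exe
107,106,C:\\Windows\\System32\\ipconfig.exe,ipconfig /all
"""

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # VBS/JS script interpreters
SHELL = "cmd.exe"                               # batch scripts run under cmd.exe
# netsh invocations that turn the firewall off or disable a profile
FIREWALL_RE = re.compile(r"\b(advfirewall|firewall)\b.*\b(off|disable)\b", re.I)


@dataclass(frozen=True)
class Event:
    pid: int
    ppid: int
    image: str      # basename of the image path, lower-cased
    cmdline: str


def parse_log(text):
    """Parse the constructed CSV-ish format into {pid: Event}."""
    events = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, ppid, image, cmdline = line.split(",", 3)
        name = image.rsplit("\\", 1)[-1].lower()
        events[int(pid)] = Event(int(pid), int(ppid), name, cmdline)
    return events


def ancestry(events, pid):
    """Image names from the process up to the root; stops on a missing
    parent or a pid cycle so reparented processes cannot loop forever."""
    chain, seen = [], set()
    while pid in events and pid not in seen:
        seen.add(pid)
        ev = events[pid]
        chain.append(ev.image)
        pid = ev.ppid
    return chain


def detect(events):
    """Return (pid, rule, severity, chain) tuples for suspicious events.

    Rule 1: netsh disabling the firewall is always worth a look; under a
            script-host -> cmd.exe ancestry it is high severity.
    Rule 2: ipconfig is benign on its own, so it only fires when the
            ancestry contains both a script host and a batch shell.
    """
    findings = []
    for ev in events.values():
        chain = ancestry(events, ev.pid)
        parents = chain[1:]
        under_script_chain = any(p in SCRIPT_HOSTS for p in parents) and SHELL in parents
        if ev.image == "netsh.exe" and FIREWALL_RE.search(ev.cmdline):
            sev = "high" if under_script_chain else "medium"
            findings.append((ev.pid, "firewall_disabled_via_netsh", sev, " <- ".join(chain)))
        elif ev.image == "ipconfig.exe" and under_script_chain:
            findings.append((ev.pid, "recon_under_script_host", "medium", " <- ".join(chain)))
    return findings


if __name__ == "__main__":
    for pid, rule, sev, chain in detect(parse_log(SAMPLE_LOG)):
        print(f"[{sev}] pid={pid} {rule}: {chain}")
```

Run as-is and the two events spawned under the VBS chain (the netsh firewall change and the ipconfig dump) are reported, while the administrator's interactive ipconfig at pid 107 is not, because its ancestry is cmd.exe under explorer.exe with no script host. The rule deliberately does not look at file hashes at all; that is the check that signature-based tools skip when every binary in the chain is a signed Windows component.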
According to Deep Instinct's Threat Intelligence group:
"Although the attack mechanism used by this malware is very simple, and no attempt has been made by the attacker to evade analysis, the growth in the number of victims claimed by this malware shows that simple attacks can be very effective. The use of scripts and legitimate binaries, in a 'living off the land' scenario, means the attacker successfully evades detection, despite the simplicity of the attack."
Be sure your IT staff are aware: it is not always the most complex forms of malware that get you, and a chain of ordinary admin tools run in an unusual order deserves the same scrutiny as an unknown executable.
Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.
Denis S Wilson
I am President and Principal Consultant for DWP Information Architects, specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, and nonprofit companies in Ventura County and San Fernando Valley. I have created cost-effective IT solutions for over 20 years, specializing in cybersecurity and regulatory compliance.
I am also a published author and speaker, working extensively with organizations that include the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers, as well as providing small business technology education programs through business and professional associations.
Contact me if you would like me to speak at your meeting.