Catch Evasive Threats That Hide Behind Real Network Traffic
Threat actors have found a way to use an enterprise’s own network traffic to cloak their activities while in the company’s system. Given this camouflage, targeted attacks are almost rendered invisible. How then can IT and security administrators catch these complex attacks when they don’t even rouse suspicion?
The most effective targeted attacks often use a combination of tried-and-tested threats, the kind that are proven effective against different network types. Attackers likely use techniques that actively exploit flaws or perform malicious routines. They then pair these up with methods that evade advanced security measures.
There is currently a lack of published information that outlines the technicalities of these advanced attack methods. However, this should not hinder IT and security administrators from keeping a close eye on the systems they’re managing. Threat actors can use the simplest methods—like taking advantage of real network traffic—to infiltrate their target networks.
There is no single way to detect or protect against threats that blend in with real network traffic. In Network Detection Evasion Methods: Blending with Legitimate Traffic, we explain how malware can be detected using a network traffic monitoring and file structure and behavior analyses. We further expound on how a combination of two or all of these security measures can be effective against threats like:
- FAKEM, a remote access Trojan (RAT) which disguises malicious traffic to look like that of Windows® Live™ Messenger or Yahoo!® Messenger
- Rodecap or Mutator, which spoofs HTML headers to blend in
- C0d0s0 or IEXPL0RE RAT, which poses as a Microsoft™ Windows update
Administrators need to ensure that they are presently ready to defend their networks against the persistence of these methods. Having the appropriate defensive strategies in place will not only help prevent these kinds of attacks from advancing within their network, it will also prepare their company for future attacks and threats that may evolve over time.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report