CISOs have an array of ever-improving tools to help spot and stop malicious activity: network monitoring tools, virus scanners, software composition analysis (SCA) tools, digital forensics and incident response (DFIR) solutions, and more.
But of course, cybersecurity is an ongoing battle between attack and defense, and the attackers continue to pose novel challenges.
Older techniques, such as steganography—the art of hiding information including malicious payloads in otherwise benign files, such as images—are evolving, leading to new possibilities. For example, recently a researcher demonstrated even Twitter wasn’t immune to steganography, and images on the platform could be abused to pack ZIP archives of up to 3MB within them.
However, in my own research, I have noticed that in addition to using obfuscation, steganography, and malware packing techniques, threat actors today frequently take advantage of legitimate services, platforms, protocols, and tools to conduct their activities. This lets them blend in with traffic or activity that may look “clean” to human analysts and machines alike.
Here are five tactics cybercriminals are using to cover their tracks today.